As an Information Security Manager, you will be responsible for securing tailored SaaS-based solutions and continuously developing the Information Security Management System (ISMS) in line with ISO 27001 and DORA requirements. You will work closely with senior legal stakeholders, report directly to executive management, and play a key role in influencing and driving the company’s overall security strategy.
This role is not designed for pure administrators. We are looking for individuals who take ownership, assume responsibility, and want to grow alongside a fast-moving, regulated technology organisation.
Key responsibilities
* ISMS Ownership: Lead, operate, and further develop the ISMS in accordance with ISO 27001, DORA, and additional regulatory requirements within the financial services environment.
* Management Reporting: Identify IT and security risks, conduct risk assessments, and prepare reports for senior management and relevant regulatory authorities.
* Audit Management: Perform internal self-audits and coordinate collaboration with external audit partners and internal audit functions.
* Resilience & Continuity: Initiate penetration tests for applications and ensure operational stability through a robust Business Continuity Management (BCM) framework.
* Security Culture: Act as a sparring partner to all teams and strengthen security awareness across the organisation through workshops and hands-on collaboration.
About the company (anonymised)
The company operates in the open finance / regulated technology space and supports organisations in securely accessing, analysing, and leveraging financial data. With a growing team across Europe and a broad client base including financial institutions and large platforms, the business provides highly regulated, secure access to financial data across the DACH region and beyond.
Your background
* Qualifications: A degree in law, business, information security, or a related field, combined with relevant professional experience in information security and risk management.
* Expertise: Strong practical experience with ISO 27001. Knowledge of MaRisk and initial hands-on exposure to DORA are highly desirable; support is provided to deepen expertise in these areas.
* Mindset: A strong hands-on mentality with analytical thinking, high ownership, and the ability to work independently in a dynamic environment where you can make a real impact.
* Languages: Professional fluency in German and English.
What’s offered
* The opportunity to actively shape security strategy within a leading regulated technology environment
* Flexible working hours and a hybrid setup, including guaranteed home office days
* 30 days of annual leave
* Budget for personal development, structured feedback, and transparent salary processes
* Monthly benefits budget (mobility, health, or lifestyle)
* Subsidised fitness and wellbeing programmes
* Public transport subsidy
* Modern, centrally located office with a positive working atmosphere
* A supportive, purpose-driven culture with experienced and committed colleagues