ICT GRC - Firewall Governance Manager (fluent German required) Berlin

ICT GRC - Firewall Governance Manager (fluent German required)

About the opportunity

We’re looking for an experienced Firewall Maintainer to join our second line ICT GRC team. In this role, you’ll act as the control owner and subject matter expert for network security governance across the bank’s firewall environment.

While the first line teams manage day-to-day operations and configurations, you’ll ensure that firewall management practices meet internal policies, regulatory expectations (DORA, BAIT, MaRisk), and industry standards. You’ll review, challenge, and guide the first line’s technical controls, perform independent assurance activities, and drive continuous improvement of firewall and network-related security controls across the bank’s infrastructure.

This role sits at the intersection of technical expertise and governance, ensuring that our perimeter security remains both compliant and resilient in a fast-changing regulatory and cyber threat landscape.

In this role, you will:

• Define, maintain, and enhance governance controls for firewall management in line with internal policies, DORA, and BaFin requirements.
• Conduct second line reviews of firewall configurations, rule changes, and network segmentation to ensure compliance and risk reduction.
• Challenge and assess the effectiveness of first line firewall controls, including rule review, change management, and logging or monitoring processes.
• Oversee and document key control testing activities for network perimeter and segmentation defenses as part of the ICT control framework.
• Support internal and external audits, as well as regulatory reviews, by providing evidence and technical context for firewall-related controls.
• Maintain visibility over firewall-related risks in the ICT Risk Register, ensuring mitigation actions are clearly defined, tracked, and reported.
• Collaborate closely with Security Engineering and Network Operations teams on architecture changes, rule optimizations, and incident response actions involving network layers.
• Monitor compliance with DORA, BAIT, ISO 27001, and NIST standards related to network and perimeter security.
• Provide governance input and technical advisory during firewall technology lifecycle reviews, vendor assessments, and control revalidations.
• Contribute to ICT GRC dashboards, reports, and control testing summaries shared with the CISO Office and Non-Financial Risk Committee.

What you need to be successful:

Background:

• 4+ years of experience in network security, firewall administration, or security operations, preferably in financial services.
• Strong understanding of enterprise firewall technologies (e.g., Palo Alto, Check Point, Fortinet, Cloudflare) and network security concepts (routing, NAT, VPN, IDS/IPS).
• Proven experience with firewall rule audits, configuration baselines, and security hardening practices.
• Familiarity with ICT control frameworks and second line assurance models.
• Working knowledge of EU and German financial sector regulations, including DORA, BAIT, and MaRisk.
• Understanding of ISO 27001, NIST CSF, or COBIT frameworks.
• Analytical and communication skills to translate technical findings into governance and risk context.
• Fluency in English and German required
• Firewall certification(s) (eg. SANS SEC503)

Skills:

• Combine strong technical knowledge with a governance and assurance mindset.
• Are proactive, detail-oriented, and comfortable challenging established practices.
• Can bridge the gap between technical teams and risk or compliance stakeholders.
• Want to influence how network and perimeter security is governed in a digital-first bank.

What’s in it for you:

• Accelerate your career growth by joining one of Europe’s most talked about disruptors