ICT GRC – Risk & Compliance Manager (fluent German required)

ICT GRC – Risk & Compliance Manager (fluent German required)

Posted 1 day ago

Location: Berlin, Germany

About the Opportunity

Are you ready to take the next step in your career? As an ICT GRC – Risk & Compliance Manager, you’ll play a key role in shaping how we manage technology and security risks in an increasingly AI-driven financial landscape.

In this role, you’ll be at the forefront of ICT risk management and compliance, ensuring our systems remain secure, resilient, and aligned with evolving regulations such as DORA and BaIT. You’ll work closely with product, technology, and security teams to strengthen our risk framework, enhance resilience, and drive smarter, data-driven decision‑making.

As AI and automation become integral to how we operate, you’ll also help explore and implement intelligent solutions that improve risk identification, assessment, and monitoring. This is a unique opportunity to shape the future of ICT risk management in a fast‑moving digital bank.

In This Role, You Will

• Function as part of the second line of defense, reporting to the Deputy CISO and collaborating closely with first line teams on ICT risk and compliance topics.
• Drive the end‑to‑end ICT Risk Management lifecycle, including identification, assessment, treatment, and monitoring of risks across the technology landscape.
• Maintain and continuously improve the ICT Risk Register, ensuring risks are clearly defined, categorised, and linked to controls, assets, and mitigation measures.
• Perform independent ICT risk assessments on systems, processes, projects, and suppliers, challenging and validating first line risk evaluations.
• Support the implementation and maturity of the ICT Risk Framework in alignment with DORA, BaIT, MaRisk, and internal policies.
• Collaborate with cross‑functional teams to define and track remediation actions, monitor progress, and elevate delays or high‑impact risks.
• Prepare and present ICT risk reporting to management and risk committees (e.g., NFRC).
• Contribute to the continuous enhancement of methodologies, templates, and tools supporting risk governance and reporting.
• Explore and leverage AI and automation tools to enhance efficiency in risk assessment and compliance monitoring.
• Promote a strong risk culture through clear communication, training, and proactive engagement with stakeholders.

Background – What you need to be successful

• Several years of experience in IT Risk Management, Information Security, or related governance and compliance roles, ideally in financial services.
• Solid understanding of risk management frameworks (e.g., ISO 27005, NIST 800‑30) and control standards (e.g., ISO 27001, COBIT).
• Familiarity with European regulatory frameworks including DORA, EBA ICT Guidelines, and BaFin requirements.
• Proven experience maintaining ICT risk registers and conducting risk assessments including third‑party ICT risk assessments.
• Analytical and structured mindset with strong attention to detail.
• Excellent communication skills with the ability to translate technical risks for non‑technical audiences.
• Experience with GRC or risk management tools preferred (e.g., ServiceNow, OneTrust, Archer).
• Fluent in German and English (both written and spoken).

What’s In It For You

• Accelerate your career growth by joining one of Europe’s most talked about disruptors