Senior ICT Risk Manager / Information Security Officer (ISO) (all genders)
As our Senior ICT Risk Manager / Information Security Officer (all genders), you will take a leading role in safeguarding the operational and cyber resilience of Hubject Financial Services GmbH (HFS).
In this key position, you act as both the Information Security Officer (ISO) and the ICT Risk Control Function mandated by DORA, operating within the second line of defense. You will work closely with the lead risk management (ZAG MaRisk) and the CFO/CRO, and you will be a permanent member of the Risk Committee, ensuring that ICT and security risks are effectively identified, assessed, and managed across the organization.
Your mission: to continuously strengthen HFS’s security posture, digital resilience, and governance maturity while supporting our growth as a regulated fintech at the intersection of payments and e-mobility.
Why Hubject
We develop ideas and deliver solutions for the eMobility market.
We are working on the most important growth topics.
We are an international team of very motivated eMobility enthusiasts.
We have plenty of benefits in the following categories:
- Food & drinks
- Equipment (Laptop etc.)
- Learning & Development
- Mobility
- Work-Life Balance
Hubject Financial Services GmbH was founded in 2024 as a subsidiary of Hubject GmbH. We are a startup consisting of 10 experts covering functions like project, risk and legal management. As part of a small team, you will naturally support a variety of topics, learn a lot and contribute to building a new company.
Your Tasks
- You take formal responsibility as the Information Security Officer (ISO) and as the ICT Risk Control Function under DORA, overseeing the governance and effectiveness of HFS’s ICT and cyber risk management framework.
- You establish, operate, and continuously improve the Information Security Management System (ISMS) in alignment with ISO/IEC 27001, DORA, and company strategy, ensuring appropriate policies, controls, and awareness measures are in place.
- You monitor ICT and cyber risks across the institution, review and challenge first-line assessments, and ensure transparent reporting to the Management Board and Risk Committee.
- You coordinate the Local Security Incident Response Team (LSIRT) and act as the central contact for information security incidents, ensuring appropriate escalation, documentation, and regulatory notifications.
- You ensure that internal ICT and security policies, standards, and documentation are consistent, up to date, and embedded effectively across all departments.
- You are responsible for performing and reviewing third-party and ICT-outsourcing risk assessments, ensuring external providers are evaluated and monitored for security and operational resilience in line with DORA and internal standards.
- You design and deliver awareness and training programs on information security and ICT risk topics, fostering a strong security and resilience culture across HFS.
- You stay informed about emerging regulatory, technological, and threat developments to proactively adapt HFS’s ICT risk and security frameworks to evolving requirements.
- You prepare and deliver ICT risk and security reports for internal governance bodies, auditors, and supervisory authorities, ensuring a clear and consistent communication of the institution's ICT risk profile.
- You contribute to audits, BaFin inspections, and Risk Committee meetings by providing clear analyses, professional reporting, and proactive recommendations.
- You will work in close coordination with the ISO of Hubject GmbH, ensuring consistent alignment of security and ICT risk management practices across both organizations.
Your Profile
- 5+ years of professional experience in ICT risk management, information security, or operational resilience, within a financial-services or fintech environment.
- Expert knowledge of DORA, ISO/IEC 27001, and information-security best practices.
- Experience in establishing, managing, and improving an ISMS, including ICT and third-party-risk control processes.
- Analytical, structured, and proactive working style with the ability to connect technical, regulatory, and business perspectives.
- You are a problem solver: you proactively contribute to finding pragmatic solutions to real, complex information security problems.
- Excellent communication and stakeholder-management skills; confident in engaging with management, auditors, and external partners.
- Entrepreneurial, proactive, and comfortable in dynamic, international environments.
Language
Fluent in German and English, written and spoken.
Location
Onsite in Berlin.
Hybrid system: 2 days per week at the office, 3 days remote.
EUREF Campus in Schöneberg in Berlin - Europe's hotspot for green technology and eMobility.