(Senior) Information Security Manager (m/f/d)
We are looking for a Senior Information Security Manager (m/f/d) (unlimited, full-time).
Join our team at our location in Berlin, Münster, Amsterdam, Heerenveen, Verl or Luxembourg – flexible working conditions available – to build the next generation fintech.
We seek a Senior Information Security Manager to join our CISO’s Consulting team. This role will strengthen our second line of defense. It will be responsible for operating and updating our information security framework, including documentation, controls, risk management, awareness, and metrics.
Key Responsibilities in this role:
- Requirement Management: In collaboration with the Legal department, you will regularly screen multiple sources of authority documents and maintain and update Riverty’s register of legal, contractual, and other factual requirements on information security.
- Control Framework: Using the register of requirements, maintain and update Riverty’s standardized control framework for information security and business continuity. Oversee the change board for the control framework and manage communication within the organization and the team.
- Documentation Framework: You will ensure that Riverty’s control framework on information security and business continuity is accurately reflected in its documentation framework, including policies, standards, and operating instructions.
- Consulting the Business: You will support the ISOs as business partners and guide the first line of defense on internal and external requirements, advising them on effectively implementing pre-designed controls.
- Risk Management: You will play an integral role in Riverty’s regular risk assessment and management schedule for ICT risk across the entire division, supporting ICT risk owners over the entire risk lifecycle.
- Awareness Program & Outreach: You will develop and implement comprehensive awareness campaigns to promote information security and business continuity practices and embed a culture of security and resilience within the organization. You will use effective communication strategies to ensure all employees are informed about and engaged with the initiatives.
- Metrics Framework: You will maintain and update the metrics framework for information security and business continuity, as well as connect data sources, owners, and reporting mechanisms.
What you need to succeed in the role:
- You have completed a university degree in (business) computer science, business administration, or a comparable course.
- You have at least seven years of professional experience in information security, ideally in an international environment.
- You possess a recognized certification in information security, such as CISSP, CISM, or similar.
- You have strong knowledge of risk assessment methodologies (e.g., risk framework 27005), security frameworks (e.g., NIST, ISO 27001), and ICT compliance regulations (EBA guidelines on ICT & security risk management, DORA, CSSF circulars, etc.).
- You deeply understand IT landscapes, architectures, and processes, especially regarding the cloud (Azure) and agile software development.
- You have excellent communication and presentation skills in English and proficiency in German.
- A high level of initiative, a solution-oriented approach, and a strong focus on enablement characterize you.
Berlin, Münster, Amsterdam, He, BE, DE, 10623