Lead IT Risk Manager

Job

  • Level
    Lead
  • Job field
    IT, Security
  • Employment
    Full-time
  • Contract type
    Permanent employment
  • Location
    Berlin
  • Working model
    Hybrid, Onsite
  • Job summary

    In this role, you will further develop IT risk management and business continuity management, carry out comprehensive risk analyses, and ensure compliance with regulatory standards.

    Your role in the team

    • As the Lead IT Risk Manager, you will play a pivotal role in owning and evolving our IT Risk Framework within the second-line risk function.
    • Operating in a highly growth-oriented and regulated financial services environment, this role demands an exceptional blend of technical governance expertise, independent challenge capabilities, and strategic stakeholder management.
    • You will serve as the primary second-line authority for IT risk matters, providing oversight to the first-line IT GRC team, leading comprehensive risk assessments, and ensuring strict alignment with Upvest's overarching Risk Appetite Framework.
    • Own and evolve the IT Risk and Business Continuity Management Framework within the second line, keeping it scalable as the business grows.
    • Provide independent second-line oversight and challenge to the first-line IT GRC team on the design and effectiveness of IT controls.
    • Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security, linking back to the Risk Appetite Framework.
    • Mature the ISMS by guiding policies, standards, and procedures with the relevant process owners.
    • Define baseline controls and run continuous ISMS maturity assessments against ISO/IEC 27001:2022 and related standards.
    • Oversee third-party IT risk, internal technology exposures, and business continuity assessments.
    • Drive second-line assurance reviews and deep-dives across critical IT risk domains, reporting findings and tracking remediation to closure.
    • Support internal and external audits, including IT General Controls (ITGC) and Application Controls.
    • Run preliminary internal IT audits to prepare engineering, product, and business teams for official engagements.
    • Lead Upvest's DORA obligations, including ICT risk management, incident classification, and third-party ICT risk oversight.
    • Track the regulatory landscape (BaFin, EBA, ESMA, ECB) and translate requirements into actionable risk guidance.
    • Act as the primary second-line contact for IT risk, reporting posture and material risk events to senior stakeholders, the C-suite, and the Risk Committee.

    What we expect from you

    Education

    • University degree in Computer Science, Information Technology, Information Security, or an equivalent academic/professional background.

    Qualifications

    • Deep operational understanding of IT governance standards (e.g., ISO 27001), regulatory risk requirements (BaFin BAIT/MaRisk), and modern resilience standards like DORA.
    • Exceptional verbal and written articulation skills in English, with a proven ability to engage credibly with a multilingual international stakeholder base, technical engineering leads, and C-level executives.
    • A strong product engineering and security-focused mindset, combined with commercial pragmatism and the ability to operate confidently under ambiguity.

    Experience

    • Minimum of 5+ years of progressive professional experience in IT Governance, Risk, Compliance, and Security (IT GRC / IT Security) within a regulated financial institution, bank, fintech, or fast-scaling B2B platform environment.

    What we offer

    • Every Upvenger has €20,000 per year to spend on the best AI tools available - so you're always working with the most powerful models and tooling on the market.
    • We're building the infrastructure that will power the future of investing in Europe.
    • It's complex, ambitious, and meaningful.
    • You'll work with modern technologies and create something entirely new.
    • No legacy systems, no limits.
    • Recharge with 30 days of annual leave and maintain a healthy lifestyle with sports benefits.
    • Access confidential professional coaching and enjoy the flexibility to work remotely abroad for up to 183 days a year.
    • Recharge with UpRest, a one-month fully paid sabbatical after every 4 years of working at Upvest.
    • Growth is in our DNA.
    • Each Upvenger has access to a personal development budget and the freedom to decide how to use it.
    • Work from any of our hubs in Berlin, London or Tallinn, hybrid or remotely across Europe, depending on the role.
    • We give you the choice and budget to work where you're most comfortable and productive, either at home or in the office.
    • You choose.
    • We believe that all Upvengers contribute to our success and deserve a competitive, above-market salary and a participation in our employee equity program.
    • Participate in company-wide events, such as UpFest, dinners, offsites and our Holiday party, to connect with colleagues and celebrate our achievements.

    Job locations

    • Location: Berlin

      Germany

    About your employer

    Upvest

    Upvest, a fintech startup founded in Berlin in 2017, offers a modular digital infrastructure and an investment API that enables companies to create custom investment products.

    Description

  • Company type
    Startup
  • Working model
    Full Remote, Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance
    Diversity
    Suitable for all persons (m/f/d)
    English only
    Only English required