Lead IT Risk Manager

Job

  • Level
    Lead
  • Job Field
    IT, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Berlin
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will evolve the IT risk management and business continuity framework, conduct comprehensive risk assessments, and ensure alignment with regulatory standards.

    Your role in the team

    • As the Lead IT Risk Manager, you will play a pivotal role in owning and evolving our IT Risk Framework within the second-line risk function.
    • Operating in a highly growth-oriented and regulated financial services environment, this role demands an exceptional blend of technical governance expertise, independent challenge capabilities, and strategic stakeholder management.
    • You will serve as the primary second-line authority for IT risk matters, providing oversight to the first-line IT GRC team, leading comprehensive risk assessments, and ensuring strict alignment with Upvest's overarching Risk Appetite Framework.
    • Own and evolve the IT Risk and Business Continuity Management Framework within the second line, keeping it scalable as the business grows.
    • Provide independent second-line oversight and challenge to the first-line IT GRC team on the design and effectiveness of IT controls.
    • Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security, linking back to the Risk Appetite Framework.
    • Mature the ISMS by aligning policies, standards, and procedures with the relevant process owners.
    • Define baseline controls and run continuous ISMS maturity assessments against ISO/IEC 27001:2022 and related standards.
    • Oversee third-party IT risk, internal technology exposures, and business continuity assessments.
    • Drive second-line assurance reviews and deep-dives across critical IT risk domains, reporting findings and tracking remediation to closure.
    • Support internal and external audits, including IT General Controls (ITGC) and Application Controls.
    • Run preliminary internal IT audits to prepare engineering, product, and business teams for official engagements.
    • Lead Upvest's DORA obligations, including ICT risk management, incident classification, and third-party ICT risk oversight.
    • Track the regulatory landscape (BaFin, EBA, ESMA, ECB) and translate requirements into actionable risk guidance.
    • Act as the primary second-line contact for IT risk, reporting posture and material risk events to senior stakeholders, the C-suite, and the Risk Committee.

    Our expectations of you

    Education

    • University degree in Computer Science, Information Technology, Information Security, or an equivalent academic/professional background.

    Qualifications

    • Deep operational understanding of IT governance standards (e.g., ISO 27001), regulatory risk requirements (BaFin BAIT/MaRisk), and modern resilience standards like DORA.
    • Exceptional verbal and written articulation skills in English, with a proven ability to engage credibly with a multilingual international stakeholder base, technical engineering leads, and C-level executives.
    • A strong product engineering and security-focused mindset, combined with commercial pragmatism and the ability to operate confidently under ambiguity.

    Experience

    • Minimum of 5+ years of progressive professional experience in IT Governance, Risk, Compliance, and Security (IT GRC / IT Security) within a regulated financial institution, bank, fintech, or fast-scaling B2B platform environment.

    What we offer

    • Every Upvenger has €20,000 per year to spend on the best AI tools available - so you're always working with the most powerful models and tooling on the market.
    • We're building the infrastructure that will power the future of investing in Europe.
    • It's complex, ambitious, and meaningful.
    • You'll work with modern technologies and create something entirely new.
    • No legacy systems, no limits.
    • Recharge with 30 days of annual leave and maintain a healthy lifestyle with sports benefits.
    • Access confidential professional coaching and enjoy the flexibility to work remotely abroad for up to 183 days a year.
    • Recharge with UpRest, a one-month fully paid sabbatical after every 4 years of working at Upvest.
    • Growth is in our DNA.
    • Each Upvenger has access to a personal development budget and the freedom to decide how to use it.
    • Work from any of our hubs in Berlin, London or Tallinn, hybrid or remotely across Europe, depending on the role.
    • We give you the choice and budget to work where you're most comfortable and productive, either at home or in the office.
    • You choose.
    • We believe that all Upvengers contribute to our success and deserve a competitive, above-market salary and a participation in our employee equity program.
    • Participate in company-wide events, such as UpFest, dinners, offsites, and our Holiday party, to connect with colleagues and celebrate our achievements.

    Job Locations

    • Location Berlin

      Germany

    This is your employer

    Upvest

    Upvest, a fintech startup founded in 2017 in Berlin, offers a modular digital infrastructure and an investment API that enables companies to create customized investment products.

    Description

  • Company Type
    Startup
  • Working Model
    Full Remote, Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance
  • Diversity
    Open for all genders
  • English Only
    English only required