ICT GRC - Risk & Compliance Manager

• Function as a key member of the bank's risk function (Second Line of Defense), reporting directly to the Deputy CISO and maintaining close collaboration with First Line of Defense teams on matters of ICT risk management
• Actively engage in the ICT Risk Management process, encompassing proactive risk assessment, analysis, treatment plan identification, mitigation, and ongoing monitoring
• Drive the maturity of the ICT Risk Management framework in adherence to DORA act
• Proactively conduct risk assessments to identify ICT risks within the bank's IT infrastructure and propose appropriate mitigation strategies
• Collaborate with cross-functional teams, including product, technology, security, and other First Line of Defense teams, to identify and implement risk treatment plans
• Maintain the ICT risk register, ensuring the accuracy and completeness of ICT risks
• Proactively report progress and updates to the team, providing detailed reports and presentations on the status of identified risks, mitigation efforts, and compliance
• Leverage artificial intelligence tools and technologies to enhance risk management and compliance processes
• Ensure that all communication is clear, actionable, and aligned with the bank's overarching risk management strategy
• Facilitate regular meetings with key stakeholders to discuss risk status, challenges, and next steps, fostering a culture of continuous improvement and proactive risk management

• Bachelor`s degree in Information Technology, Computer Science, Information Security, or a related field
• Professional certifications such as CISA / CISM / CRISC, or equivalent are highly desirable
• Minimum of 6 years of experience in IT risk management, information security, and compliance, preferably within the banking or financial services industry
• In-depth knowledge of relevant regulatory requirements, such as MaRisk, BAIT, DORA and industry standards such as ISO 27001/27002, NIST, etc
• Strong understanding of IT infrastructure, network security, application security, and cloud security
• Should be able to leverage AI tools and techniques to enhance risk assessment, compliance monitoring, and the identification of emerging threats
• Excellent analytical and problem-solving skills, with the ability to identify and assess complex IT and information security risks
• Possesses expertise in assessing, writing and managing IT risks, threats and the ability to connect it with the appropriate controls
• Ability to proactively recommend improvements to the area based on your expertise, as well as drive and operationalize the necessary changes required
• Strong project management skills with the ability to manage multiple tasks and projects simultaneously
• Ability to manage the ICT Risk Management process from end to end
• Proficiency in using Enterprise GRC tools such OneTrust / ServiceNow GRC and ability to use AI-driven technologies for compliance and risk management is a plus
• Effective communication and interpersonal skills, with the ability to explain technical concepts to non-technical stakeholders
• Strong report-writing and presentation skills
• Fluency in English required, as well as fluency in German
• Adaptable and open to learning, with a keen interest in staying up-to-date with the latest trends and developments in IT and information security
• Detail-oriented and meticulous in ensuring accuracy and thoroughness in all tasks
• Proactive and self-motivated, with the ability to work independently and as part of a team
• Collaborative, able to work well with teams and stakeholders
• Strong topic ownership and a bias for action
• Critical thinking and a drive to improve the status quo
• Both attention to detail and strong conceptual thinking
• Flexibility in a fast-changing and agile environment
• Actively help oneself and the team to be successful
• Willingness to continuously learn and act upon direct feedback
• High ethical standards and integrity, with a strong commitment to confidentiality and data protection

Proficiency in using Enterprise GRC tools such OneTrust / ServiceNow GRC and ability to use AI-driven technologies for compliance and risk management is a plus

• Accelerate your career growth by joining one of Europe’s most talked about disruptors
• Employee benefits that range from a competitive personal development budget, work from home budget, discounts to fitness & wellness memberships, language apps and public transportation
• Access to a Premium subscription on your personal N26 bank account
• Subscriptions for friends and family members
• Additional day of annual leave for each year of service
• A high degree of autonomy and access to cutting edge technologies
• A relocation package with visa support for those who need it