Senior) Information Security Manager

At Riverty, we believe that everyone should be in control of their own financial situation. Our shared commitment is to make financial solutions more innovative, empathetic and user-friendly to empower financial growth for everyone. To do this, we rely on 50 years of experience and the commitment of over 5,000 creative minds, innovators and explorers in 11 countries.

Are you ready?

As part of our community, you will have the opportunity to develop your skills and transform the world of finance together with us. We create an environment where you can evolve personally and benefit from our flexible working conditions and work-life balance.

**We are looking for a**
**Senior Information Security Manager (M/F/d)**
**(unlimited, full-time) Join our team at our location in Berlin, Münster, Amsterdam, Heerenveen, Verl or Luxembourg - flexible working conditions available**
**to build the next generation fintech.**

We seek a **Senior Information Security Manager** to join our CISO’s Consulting team. This role will strengthen our second line of defense. It will be responsible for operating and updating our information security framework, including documentation, controls, risk management, awareness, and metrics.

**Key Responsibilities in this role**:

- ** Requirement Managemen**t: In collaboration with the Legal department, you will regularly screen multiple sources of authority documents, maintain, and update Riverty’s register of legal, contractual, and other factual requirements on information security.
- **Control Framework**: Using the register of requirements, maintain and update Riverty’s standardized control framework for information security and business continuity. Oversee the change board for the control framework and manage communication within the organization and the team.
- ** Documentation Framework**: You will ensure that Riverty’s control framework on information security and business continuity is accurately reflected in its documentation framework, including policies, standards, and operating instructions.
- ** Consulting the Business**: You will support the ISOs as business partners and guide the first line of defense on internal and external requirements, advising them on effectively implementing pre-designed controls.
- ** Risk Management**: You will play an integral role in Riverty’s regular risk assessment and management schedule for ICT risk across the entire division, supporting ICT risk owners over the entire risk lifecycle.
- ** Awareness Program & Outreach**: You will develop and implement comprehensive awareness campaigns to promote information security and business continuity practices and embed a culture of security and resilience within the organization. Utilize effective communication strategies to ensure all employees are informed and engaged with the initiatives..
- ** Metrics Framework**: You will maintain and update the metrics framework for information security and business continuity, as well as connect data sources, owners, and reporting mechanisms.

**Benefits**:

- **Mobile Office**: Opportunity to work from home
- **Discounts & Extras**: Exclusive Bertelsmann discounts and financial benefits, e.g., €1,500 referral bonus
- **Flexible Working Hours and Models**: Customize your working hours to suit your needs
- **Training & Development**: A variety of (online) courses, from language learning to leadership training, e.g., from Bertelsmann University
- **Health & Leisure**: Supported sports and (mental) health programs, e.g. from our partner TELUS Health
- **Appreciative Environment**: Diversity and employee networks enrich our culture

**What you need to succeed in the role**:

- You have completed a university degree in (business) computer science, business administration, or a comparable course.
- You have at least seven years of professional experience in information security, ideally in an international environment.
- You possess a recognized certification in information security, such as CISSP, CISM, or similar.
- You have strong knowledge of risk assessment methodologies (e.g., risk framework 27005), security frameworks (e.g., NIST, ISO 27001), and ICT compliance regulations (EBA guidelines on ICT & security risk management, DORA, CSSF circulars, etc.).
- You deeply understand IT landscapes, architectures, and processes, especially about the cloud (Azure) and agile software development.
- You have excellent communication and presentation skills in English and proficiency in German.
- A high level of initiative, a solution-oriented approach, and a strong focus on enablement characterize you

**Equal Opportunity Employer Statement**:
We want to be a fair and inclusive employer. We value the diverse perspectives that a diverse workforce brings to the table. Therefore, we are actively looking for people who enrich our company through their identity, background and personal experiences, with or without a disability.