
Head of Information Security and Resilience - CISO

Department: Risk
Location: Berlin

About the opportunity

The Head of Information Security and Resilience - Chief Information Security Officer (CISO) is responsible for leading and further developing N26’s Information Security, Business Continuity and Data Privacy management. The Head, as a member of the (2nd line) Risk Leadership team, will be closely involved in the overall non-financial risk management of N26, and will play a key role in creating a culture where security and resilience are a value proposition. You will establish and implement highly effective policies, firm protocols, and security frameworks and promote appropriate collaboration among 1st and 2nd line stakeholders, teams, and structure while growing, managing, and overseeing the N26 Group.

In this role, you will:

  • Manage the Information Security & Resilience department (incl. ICT Governance, Risk and Compliance (GRC), Business Continuity Management (BCM), and Data Privacy team) and corresponding reporting to internal and external stakeholders.
  • Develop and maintain the Information Security Management System (ISMS), taking on responsibility for N26’s ICT Risk Management (including third parties) and BCM, and ensuring adherence to 2nd line responsibilities as outlined in BAIT/DORA and MaRisk.
  • Assume the title and responsibilities of Chief Information Security Officer (CISO), whilst overseeing information security policies, strategies, and practices.
  • Improve and maintain the Information Security three lines of defense model.
  • Establish long-range security, resilience and compliance goals; define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
  • Establish communication lines with the security teams to steer areas such as TLPT, vulnerabilities, security incidents and other key technical security considerations.
  • Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light.
  • Work with leadership and relevant responsible departments (e.g. Security Engineering Department) to build cohesive security, resilience and compliance programs for the agency to effectively address state and federal statutory and regulatory requirements.
  • Translate regulatory requirements to the current generation of technology stacks.
  • Establish an Information Security and Resilience report and contribute to the quarterly risk report, incl. submission and presentation to the management and supervisory board as well as other key stakeholders.
  • Serve as contact person for the Bundesamt für Sicherheit in der Informationstechnik (BSI); support on information security and risk management requests from BaFin and Bundesbank.

What you need to be successful:

Background

  • Degree in information security, computer science, information systems management, a related field, or equivalent work experience.
  • At least 10 years' experience in a similar role within information security in banking or regulated financial institutions in Germany.
  • Experience with interfacing with senior executives at the business leader level and communicating complex cybersecurity and business continuity concepts in business-relevant ways.
  • Experience with information disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
  • Deep expertise in security, business continuity, privacy, IT audit and compliance, security standards, guidelines, and principles within large and highly distributed organizations.
  • Brilliant knowledge of regulatory requirements in relation to information security, business continuity and data protection (e.g. BAIT/DORA, NIS2, MaRisk, GDPR, etc.).
  • Experience in identifying security solutions that meet predefined regulatory/compliance requirements.
  • Industry-specific certifications such as CISSP, CISM, CISA, CCSP are considered a plus.
  • Excellent knowledge of IT security frameworks (NIST, ISO 27000 series, PCI DSS, C5, COBIT, etc.).

Skills

  • Good communication and presentation skills with excellent command of the German and English languages.
  • A very good understanding of modern cloud-based, microservice and DevOps architectures.
  • Ability to maintain awareness of cybersecurity industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats.
  • Ability to work with full confidentiality and a high level of personal integrity.
 

What’s in it for you:

  • Accelerate your career growth by joining one of Europe’s most talked about disruptors 🚀.
  • Employee benefits that range from a competitive personal development budget, work from home budget, discounts to fitness & wellness memberships, language apps and public transportation. 
  • As an N26 employee you will have access to a Premium subscription on your personal N26 bank account, as well as subscriptions for friends and family members.
  • Vacation days vary depending on your location of work, with an additional day of annual leave for each year of service.
  • A high degree of autonomy and access to cutting-edge technologies - all while working with a friendly team of peers of diverse nationalities, life experiences and family statuses.
  • A relocation package with visa support for those who need it.

Who we are

N26 has reimagined banking for today’s digital world. Technology and design empower everything we do and it’s how we are building the global banking platform the world loves to use. We've eliminated physical branches, paperwork, and hidden fees for an elegant digital experience and supreme savings. Giving people the power to live and bank their way is what gets us out of bed in the morning and inspires the work that we do. We are headquartered in Berlin with offices in multiple cities across Europe, including Vienna and Barcelona, and a 1,500-strong team of more than 80 nationalities.

Sounds good? Apply now for this position.

N26 is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status or disability status.