Information Security Controls Manager - Cloud & AI Governance
Department: Tech - Regulatory Technology
Location: Berlin
About the opportunity
We are seeking an Information Security Controls Manager to join the Information Risk Management (IRM) Segment within the Information Security (IS) Controls team at N26. As a member of this team, you will contribute to ensuring that Information Security Controls Framework processes are operated without any disruptions, with a specialized focus on strengthening our Cloud Security posture and AI Governance frameworks.
N26 and its subsidiaries operate in a variety of regulatory environments and across international boundaries, while the IRM team helps N26 to navigate this complex, demanding, and rapidly evolving technological landscape.
In this role, you will:
- Frequently communicate with various stakeholders of all levels.
- Execution and review of the Information Security (IS) Controls Framework monitoring process, ensuring comprehensive coverage of cloud infrastructure and AI/ML deployments.
- Communicate, collate and review the evidence received via monthly control review request tickets (TOE).
- Perform QA reviews, query and/or seek clarification from stakeholders to achieve the objectives of controls effectiveness.
- Highlight the gaps/risks observed during reviews, raise non-conformities, particularly concerning cloud misconfigurations and AI model risks, and suggest improvements to the teams or stakeholders.
- Liaise with the CISO office and the DPO office to provide updates on a monthly basis over the status of controls, including compliance updates regarding cloud security and AI systems.
- Improve awareness of controls, security practices, and responsible AI utilization among stakeholders.
- Contribute to the team in developing KRIs tailored to traditional IT, Cloud environments, and AI use cases.
- Working independently and managing the IS Controls daily tasks.
- Review and update the design of the controls pages from a technical perspective and maintain the control calendar.
- Actively work on the change requests from stakeholders.
- Preparation and follow-up of Change Request tickets.
- Drafting and publishing of the monthly control reports & other documentation (MoMs).
- Support the team and stakeholders during audits and coordinating the action items and evidence.
- Maintain controls team’s key documentation to ensure audit readiness.
- Equally participate in designing controls, developing working instructions and procedures that are required based on security standards and regulations such as ISO 27001, EU GDPR, DORA, SWIFT, NIS2, and the EU AI Act.
- Evaluate and map internal control frameworks to cloud security benchmarks (e.g., Cloud Security Alliance (CSA), BSI C5) and AI governance frameworks.
- Facilitate and make sure that all key processes have been documented in an easy and efficient process flow.
- Design and update working instructions to implement the requirements coming from the policies.
- Identify and surface process or tooling-related inefficiencies and support AI-enabled process optimizations.
- Mapping of Internal control framework to the various regulations/Standards.
What you need to be successful:
- Bachelor’s or Master’s degree, relevant to information security or computer science.
- You have approximately 4-6 years of experience in an information security compliance, risk, or audit role.
- Demonstrated experience or strong knowledge of Cloud Security controls (AWS/Google Cloud preferred) and AI/ML governance risk frameworks.
- Previous hands-on experience or knowledge on security standards such as ISO 27001, ISO 42001, NIST, BSI C5, and other regulatory requirements like DORA, EU AI Act, EU CRA & EU GDPR.
- Good understanding of Information & Communication Technologies (ICT) and Security controls. Previous experience related to audit/compliance frameworks and methodologies is a plus.
- Ability to communicate clearly with peers, as well as stakeholders of all levels.
- You are proficient in using Jira, Confluence and Google Workspace apps (i.e. Docs, Sheets, Slides). Good understanding of Google Sheets features and formulas.
- Previous experience with Compliance tools is a plus (e.g. ServiceNow, OneTrust).
- Ability to analyze and evaluate documentation, reports, data, flowcharts etc., for IT processes such as system development, cloud infrastructure management, and IT operations.
- Fluency in English is strictly required. German proficiency is a plus.
- You have insight into information security and are willing to become deeply acquainted with EU regulatory laws, standard banking requirements, as well as cloud-native banking IT-Systems.
- You have a hands-on mentality and are comfortable sharing improvement ideas about existing processes.
What’s in it for you:
- Accelerate your career growth by joining one of Europe’s most talked about disruptors 🚀.
- Employee benefits that range from a competitive personal development budget, work from home budget, discounts to fitness & wellness memberships, language apps and public transportation.
- As an N26 employee you will have access to a Premium subscription on your personal N26 bank account, as well as subscriptions for friends and family members.
- Additional day of annual leave for each year of service.
- A high degree of autonomy and access to cutting edge technologies - all while working with a friendly team of peers of diverse nationalities, experiences, and backgrounds.
- A relocation package with visa support for those who need it.