Chief Information Security Officer (CISO) (m/w/d)

Finanzen.net GmbH


Job Location:

München - Germany

Monthly Salary: Not Disclosed
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

You are responsible for leading and maturing our information security posture across the Group (Zero, Finnet, TraderFox). Operating at the intersection of cyber risk, regulatory compliance and business enablement, this role demands both strategic vision and hands-on operational leadership. As a regulated financial services organisation under BaFin scrutiny, the CISO will build a security programme that meets the highest standards of resilience, transforming our current baseline into a mature, risk-driven security capability that supports our ambitions in Neo-Brokerage and digital finance.

Core Responsibilities 

Security Strategy & Governance: 

  • Shape and drive the Group-wide security strategy 

  • Turn regulatory requirements into clear priorities 

  • Close key gaps across assets, vulnerabilities and third parties

Risk Management & Compliance: 

  • Build and run a DORA-aligned ICT risk framework 

  • Create transparency across risks and controls 

  • Report clearly to senior leadership and the board 

Vulnerability & Threat Management: 

  • Roll out vulnerability management across the Group 

  • Reduce critical findings and remediation backlog 

  • Improve detection through stronger SIEM capabilities 

Endpoint & Identity Security: 

  • Expand endpoint protection and MFA coverage 

  • Improve device health and security visibility 

  • Enforce consistent controls across all entities 

Security Awareness & Developer Enablement: 

  • Build a stronger security-first culture

  • Increase awareness training completion

  • Enable developers through secure coding and champions 

Incident Response & Assurance: 

  • Lead incident response and post-incident reviews 

  • Run regular backup and response tests 

  • Anchor assurance activities in daily operations 

Third-Party & Supply Chain Risk: 

  • Strengthen third-party risk management 

  • Raise due diligence standards for vendors 

  • Reduce supply chain risk across the Group 


Qualifications:

Security Leadership & Regulatory Expertise 

  • Proven leadership in information security, ideally in regulated financial services or FinTech

  • Strong knowledge of DORA, GDPR, BaFin and common control frameworks such as CIS, ISO 27001 and SOC 2

  • Experience leading audits, assessments and regulatory reviews

Security Programme & Risk Management 

  • Track record of building structured, risk-driven security programmes

  • Experience improving security maturity in complex or fast-growing environments

  • Strong understanding of vulnerability management, remediation workflows and risk reporting

Stakeholder Management & Execution 

  • Able to communicate security risks clearly to Board and senior stakeholders 

  • Strong cross-functional influence across Engineering, IT, Legal and Compliance

  • Proven ability to roll out security processes with measurable impact 

Technical & Operational Expertise 

  • Solid understanding of security architecture across endpoints, identity, networks and cloud

  • Hands-on experience with SIEM, EDR/XDR, vulnerability scanning and asset management tools

  • Good awareness of AI-related security risks and secure AI adoption in regulated environments 

 


Additional Information:

 

You'll join a modern work environment with over 250 colleagues, shaped by trust, flexibility and genuine collaboration. You'll work in a hybrid setup and use our office hubs in Karlsruhe, Munich or Berlin, complemented by up to 15 days of workation within the EU per calendar year.

We actively support your personal and professional development through training, seminars and conferences in the dynamic fintech and stock/financial sector. We place great importance on an open, collaborative atmosphere, team spirit and shared success.

 

You can also expect the following benefits:

  • Modern office hubs & hybrid working

  • Training and development opportunities in financial markets/investing

  • Regular team events & a strong company culture

  • Health & mobility benefits (bike leasing, public transport subsidy)

  • Attractive financial benefits & additional perks

  • An environment where you can contribute, grow and feel comfortable

 


Remote Work:

No


Employment Type:

Full-time


Key Skills

  • International Development
  • Information Systems
  • Community
  • Information Technology Sales
  • Corporate Recruitment

About Company

The Finanzen.net Group is an innovative FinTech company that supports private and professional investors in their investment decisions. The group includes: finanzen.net – one of the leading financial information portals in the DACH region; finanzen.net ZERO – a neobroker ...
