Information Security GRC Lead (m/w/x)
Building a unified control framework for a SaaS spend management product, mapping to DORA, ISO 27001, SOC 2, and GDPR. Experience building GRC programs in regulated environments required. Company stock options and 600 EUR learning budget.
Requirements
- Built or run GRC programs in fast-paced, regulated environment
- Hands-on experience with ISO 27001, SOC 2 Type 2, and GDPR
- Experience with DORA or strong familiarity with its requirements
- Built or managed unified control frameworks mapped across multiple standards
- Understand controls at technical implementation level
- Designed or evolved risk management framework (ISO 27005, NIST, custom)
- Understand ICT risk integration into enterprise risk management
- Hands-on experience with GRC platforms (Vanta, Drata, ServiceNow GRC, similar)
- Understand BaFin regulatory expectations or similar
- Owned or contributed to BCM/BCP programs, including BIA development and testing
- Driven compliance audits end-to-end, including SOC 2 Type 2 audit cycles
- Understand 1st, 2nd, and 3rd line model and cross-functional work
- Automated GRC processes before (platforms, scripting, no-code)
- See manual compliance work as a problem to be solved
- Fluent written and spoken English
- German language skills (strong plus)
- Automation-first mindset
- Ownership without ego, clean collaboration
- Pragmatic approach to frameworks
- Clear communicator across different audiences
- Calm under audit pressure
Responsibilities
- Build and maintain unified control framework
- Map controls to DORA, ISO 27001, SOC 2 Type 2, GDPR
- Define control ownership, implementation, evidence sources
- Own ICT risk management framework and register
- Identify, assess, track, report ICT risks
- Collaborate with Risk team on enterprise risk integration
- Automate evidence collection, control testing, reporting
- Automate policy acknowledgements
- Conduct DORA compliance gap analysis
- Track DORA remediation
- Manage DORA ICT risk framework
- Classify and report security incidents to BaFin
- Maintain business continuity management program
- Update business continuity plans
- Test business continuity plans
- Update business impact analysis
- Coordinate ISO 27001 and SOC 2 Type 2 audits
- Manage audit evidence collection
- Handle auditor relationships
- Track audit remediation
- Ensure continuous audit-readiness
- Own asset and data classification schema
- Classify and maintain assets and data
- Perform security due diligence on vendors
- Assess third-party application security
- Manage security policy lifecycle
- Draft, review, control security policies
- Obtain stakeholder sign-off on policies
- Run security awareness program
Professional experience
- approx. 1–4 years
Education
- Bachelor's degree OR
- Master's degree
Languages
- English – fluent
- German – basic knowledge
Tools & Technologies
- ISO 27001
- SOC 2 Type 2
- GDPR
- DORA
- GRC platforms
- Vanta
- Drata
- ServiceNow GRC
- BaFin
- BCM/BCP
- BIA
Benefits
Attractive compensation
- Company stock option plan
- Top-of-market compensation
- Equity
Training and development offerings
- 600 EUR learning budget
- 600 EUR learning and development budget
Mental health support
- Mental health and wellbeing offering
Mentoring & Coaching
- 1-on-1 coaching sessions
Health & fitness offerings
- Urban Sports Club membership
Workation & Sabbatical
- 20 days work from abroad
Employee discounts
- Local benefits
About the company
Moss
Industry
Financial Services
Description
Moss is a SaaS scale-up founded in Berlin, aiming to power SMBs' spend across Europe with a fully digital, AI-driven solution.