Information Security GRC Lead (m/w/x)
Building a unified control framework for a SaaS spend management product, mapping to DORA, ISO 27001, SOC 2, and GDPR. Experience building GRC programs in regulated environments required. Company stock options and 600 EUR learning budget.
Requirements
- Built or run GRC programs in fast-paced, regulated environment
- Hands-on experience with ISO 27001, SOC 2 Type 2, and GDPR
- Experience with DORA or strong familiarity with its requirements
- Built or managed unified control frameworks mapped across multiple standards
- Understand controls at technical implementation level
- Designed or evolved risk management framework (ISO 27005, NIST, custom)
- Understand ICT risk integration into enterprise risk management
- Hands-on experience with GRC platforms (Vanta, Drata, ServiceNow GRC, similar)
- Understand BaFin regulatory expectations or similar
- Owned or contributed to BCM/BCP programs, including BIA development and testing
- Driven compliance audits end-to-end, including SOC 2 Type 2 audit cycles
- Understand 1st, 2nd, and 3rd line model and cross-functional work
- Automated GRC processes before (platforms, scripting, no-code)
- See manual compliance work as a problem to be solved
- Fluent written and spoken English
- German language skills (strong plus)
- Automation-first mindset
- Ownership without ego, clean collaboration
- Pragmatic approach to frameworks
- Clear communicator across different audiences
- Calm under audit pressure
Tasks
- Build and maintain unified control framework
- Map controls to DORA, ISO 27001, SOC 2 Type 2, GDPR
- Define control ownership, implementation, evidence sources
- Own ICT risk management framework and register
- Identify, assess, track, report ICT risks
- Collaborate with Risk team on enterprise risk integration
- Automate evidence collection, control testing, reporting
- Automate policy acknowledgements
- Conduct DORA compliance gap analysis
- Track DORA remediation
- Manage DORA ICT risk framework
- Classify and report security incidents to BaFin
- Maintain business continuity management program
- Update business continuity plans
- Test business continuity plans
- Update business impact analysis
- Coordinate ISO 27001 and SOC 2 Type 2 audits
- Manage audit evidence collection
- Handle auditor relationships
- Track audit remediation
- Ensure continuous audit-readiness
- Own asset and data classification schema
- Classify and maintain assets and data
- Perform security due diligence on vendors
- Assess third-party application security
- Manage security policy lifecycle
- Draft, review, control security policies
- Obtain stakeholder sign-off on policies
- Run security awareness program
Work Experience
- approx. 1 - 4 years
Education
- Bachelor's degree or Master's degree
Languages
- English – Fluent
- German – Basic
Tools & Technologies
- ISO 27001
- SOC 2 Type 2
- GDPR
- DORA
- GRC platforms
- Vanta
- Drata
- ServiceNow GRC
- BaFin
- BCM/BCP
- BIA
Benefits
Competitive Pay
- Company stock option plan
- Top-of-market compensation
- Equity
Learning & Development
- 600 EUR learning budget
Mental Health Support
- Mental health and wellbeing offering
Mentorship & Coaching
- 1-on-1 coaching sessions
Healthcare & Fitness
- Urban Sports Club membership
Workation & Sabbatical
- 20 days work from abroad
Corporate Discounts
- Local benefits
About the Company
Moss
Industry
Financial Services
Description
Moss is a SaaS scale-up founded in Berlin, aiming to power SMBs' spend across Europe with a fully digital, AI-driven solution.