Your mission

As the Chief Information Security Officer (CISO) of Bitpanda Asset Management GmbH, your mission will be to ensure the protection, integrity, confidentiality, and authenticity of our organisation's information assets. You will be responsible for and oversee the information security program as well as maintaining a strong security posture across the organisation. Critically you will be in charge of managing our technology outsourcing relations. You will be a trusted leader within our organisation, responsible for maintaining and enhancing Bitpanda's information security posture, including IT Risk management and Governance at group level.

What you’ll do

• Develop and implement IT GRC strategies for regulatory compliance and risk management for BAM and influence group level policies.
• Assess and manage IT-related risks, ensuring safeguards are in place.
• Monitor and report compliance with regulations, industry standards, and internal policies.
• Responsible for building new capabilities and supporting change projects, i.a. DORA preparations.
• Enhance and enforce information security policies, standards, and procedures especially regarding the German BAIT.
• Carry out continuous risk assessments and vulnerability assessments to identify and mitigate security gaps, as well as identifying the areas for improvement.
• Ensure compliance with German laws, regulations, and industry standards.
• Conduct security audits, material 3rd party assessments and penetration testing.
• Be part of a cross-functional and cross-organisational Information Security Committee for guidance and oversight.
• Manage stakeholders, partners, and vendors to ensure proper data sharing.
• Provide horizon-scanning IT risk assessments based on research and awareness of group level strategies.
• Participate in key Risk and Security committees representing BAM local and at group level

Who you are

• 5+ years of experience in Information/Cyber Security within the German financial services environment.
• In-depth knowledge of finance and banking regulatory requirements for implementing Governance, Risk, and Compliance initiatives.
• Effective communication skills to act as a direct contact point for bank and regulatory authorities.
• Strong decision-maker - able to make decisions that are well informed and timely.
• Flexible and adaptable - capable of showing flexibility to meet new demands and change direction where required and adapt to new security technologies and fast-moving IT landscape.
• Ability to form business partnerships that help drive the information security strategy forward.
• Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.
• Solid problem solving - think outside the box to retrieve customised solutions...