openashbyhqbvp
Lead IT Risk Manager (f/m/d)
Upvest
LocationBerlin
WorkplaceHybrid
EmploymentFullTime
Posted2026-06-23T13:38:04.440+00:00
Last observed2026-06-29 00:42:47.039548
Job idbvp-upvest:ashbyhq:f2d8a8bf-b300-47dd-89e2-a23b97468a63
At Upvest, we are on a mission to make investing as easy as spending money. Upvest empowers businesses to offer a wide range of investment products and the best experience in the field of capital market investment and retirement planning. Upvest’s Investment API is easy to integrate so that fintechs and financial institutions can save resources and fully focus on their core business. We are proud to partner with Europe’s leading Fintechs and financial institutions such as DKB, Revolut, N26 and Raisin. Founded in 2017 by Martin Kassing, Upvest now brings together over 270 talented professionals from more than 70 nationalities. Upvest is backed by €280M in total funding from world-class investors, including BlackRock, Tencent, Sapphire Ventures, and Bessemer Venture Partners, Earlybird, Notion Capital, and Motive. Our latest €105M funding round in March 2026 - led by Sapphire and Tencent - serves as a massive catalyst for our growth, allowing us to offer premier investment experience. ABOUT THE ROLE: As the Lead IT Risk Manager, you will play a pivotal role in owning and evolving our IT Risk Framework within the second-line risk function. Operating in a highly growth-oriented and regulated financial services environment, this role demands an exceptional blend of technical governance expertise, independent challenge capabilities, and strategic stakeholder management. You will serve as the primary second-line authority for IT risk matters, providing oversight to the first-line IT GRC team, leading comprehensive risk assessments, and ensuring strict alignment with Upvest's overarching Risk Appetite Framework. WHAT YOU’LL DO: Risk Framework Ownership & Oversight - Own and evolve the IT Risk and Business Continuity Management Framework within the second line, keeping it scalable as the business grows. - Provide independent second-line oversight and challenge to the first-line IT GRC team on the design and effectiveness of IT controls. - Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security, linking back to the Risk Appetite Framework. IT Governance & Compliance Management - Mature the ISMS by guiding policies, standards, and procedures with the relevant process owners. - Define baseline controls and run continuous ISMS maturity assessments against ISO/IEC 27001:2022 and related standards. - Oversee third-party IT risk, internal technology exposures, and business continuity assessments. IT Audit & 2nd Line Assurance - Drive second-line assurance reviews and deep-dives across critical IT risk domains, reporting findings and tracking remediation to closure. - Support internal and external audits, including IT General Controls (ITGC) and Application Controls. - Run preliminary internal IT audits to prepare engineering, product, and business teams for official engagements. Regulatory Alignment & Stakeholder Management - Lead Upvest's DORA obligations, including ICT risk management, incident classification, and third-party ICT risk oversight. - Track the regulatory landscape (BaFin, EBA, ESMA, ECB) and translate requirements into actionable risk guidance. - Act as the primary second-line contact for IT risk, reporting posture and material risk events to senior stakeholders, the C-suite, and the Risk Committee WHAT YOU BRING: - Education: University degree in Computer Science, Information Technology, Information Security, or an equivalent academic/professional background. - Experience: Minimum of 5+ years of progressive professional experience in IT Governance, Risk, Compliance, and Security (IT GRC / IT Security) within a regulated financial institution, bank, fintech, or fast-scaling B2B platform environment. - Technical Depth: Deep operational understanding of IT governance standards (e.g., ISO 27001), regulatory risk requirements (BaFin BAIT/MaRisk), and modern resilience standards like DORA. - Communication Skills: Exceptional verbal and written articulation skills i
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.