Chief Information Security Officer (CISO) (m/w/d) at finanzen.net GmbH

Munich, Bavaria, Germany -

Full Time

Start Date

Immediate

Expiry Date

18 Jun, 26

Salary

0.0

Posted On

20 Mar, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Security Strategy, Governance, Risk Management, Regulatory Compliance, DORA, GDPR, BaFin, ISO 27001, SOC 2, Vulnerability Management, SIEM, Endpoint Protection, Identity Security, Incident Response, Third-Party Risk Management, Secure Coding

Industry

Financial Services

Description

Unternehmensbeschreibung About Finanzen.net Group Finanzen.net Group is an innovative FinTech company that supports both private and professional investors in making informed investment decisions. The group includes: finanzen.net – one of the leading financial information portals in the DACH region finanzen.net ZERO – a neobroker offering low-cost and secure trading of securities TraderFox – a provider of financial information and trading tools for professional investors and those aspiring to become one Our Vision We strive to be the best partner for our customers on their investment journey. Growth and Acquisition At the beginning of 2025, the Finanzen Group was acquired by Inflexion, a leading European private equity firm in the mid-cap segment. Inflexion supports ambitious management teams in developing and scaling high-growth companies sustainably. As part of the acquisition, the previously independent business units are being strategically integrated. This realignment, combined with the group's strong innovative capabilities, creates new growth opportunities to further strengthen its position as a leading investment platform. Working With Us To successfully implement our growth strategy and value creation program, we are looking for talented individuals who want to actively shape this transformation. We value personal exchange: we work hybrid – three collaborative days at one of our hubs in Karlsruhe, Munich, or Berlin, and two days remote. Stellenbeschreibung You are responsible for leading and maturing our information security posture across the finanzen.net Group (Zero, Finnet, TraderFox). Operating at the intersection of cyber risk, regulatory compliance, and business enablement, this role demands both strategic vision and hands-on operational leadership. As a regulated financial services organisation under BaFin scrutiny, the CISO will build a security programme that meets the highest standards of resilience; transforming our current baseline into a mature, risk-driven security capability that supports our ambitions in Neo-Brokerage and digital finance. Core Responsibilities Security Strategy & Governance: Shape and drive the Group-wide security strategy Turn regulatory requirements into clear priorities Close key gaps across assets, vulnerabilities, and third parties Risk Management & Compliance: Build and run a DORA-aligned ICT risk framework Create transparency across risks and controls Report clearly to senior leadership and the board Vulnerability & Threat Management: Roll out vulnerability management across the Group Reduce critical findings and remediation backlog Improve detection through stronger SIEM capabilities Endpoint & Identity Security: Expand endpoint protection and MFA coverage Improve device health and security visibility Enforce consistent controls across all entities Security Awareness & Developer Enablement: Build a stronger security-first culture Increase awareness training completion Enable developers through secure coding and champions Incident Response & Assurance: Lead incident response and post-incident reviews Run regular backup and response tests Anchor assurance activities in daily operations Third-Party & Supply Chain Risk: Strengthen third-party risk management Raise due diligence standards for vendors Reduce supply chain risk across the Group Qualifikationen Security Leadership & Regulatory Expertise Proven leadership in information security, ideally in regulated financial services or FinTech Strong knowledge of DORA, GDPR, BaFin, and common control frameworks such as CIS, ISO 27001, and SOC 2 Experience leading audits, assessments, and regulatory reviews Security Programme & Risk Management Track record of building structured, risk-driven security programmes Experience improving security maturity in complex or fast-growing environments Strong understanding of vulnerability management, remediation workflows, and risk reporting Stakeholder Management & Execution Able to communicate security risks clearly to Board and senior stakeholders Strong cross-functional influence across Engineering, IT, Legal, and Compliance Proven ability to roll out security processes with measurable impact Technical & Operational Expertise Solid understanding of security architecture across endpoints, identity, networks, and cloud Hands-on experience with SIEM, EDR/XDR, vulnerability scanning, and asset management tools Good awareness of AI-related security risks and secure AI adoption in regulated environments Zusätzliche Informationen You’ll join a modern work environment with over 250 colleagues, shaped by trust, flexibility, and genuine collaboration. You’ll work in a hybrid setup and use our office hubs in Karlsruhe, Munich or Berlin; complemented by up to 15 days of “workation” within the EU per calendar year. We actively support your personal and professional development through training, seminars, and conferences in the dynamic fintech and stock/financial sector. We place great importance on an open, collaborative atmosphere, team spirit, and shared success. You can also expect the following benefits: Modern office hubs & hybrid working Training and development opportunities in financial markets/investing Regular team events & a strong company culture Health & mobility benefits (bike leasing, public transport subsidy) Attractive financial benefits & additional perks An environment where you can contribute, grow, and feel comfortable

Responsibilities

The CISO will be responsible for leading and maturing the information security posture across the entire Finanzen.net Group, operating at the intersection of cyber risk, regulatory compliance, and business enablement. Core duties include shaping the security strategy, building a DORA-aligned ICT risk framework, managing vulnerabilities, enhancing endpoint and identity security, and leading incident response activities.