Moss - Senior Information Security Manager (f/m/d)
Requirements
What you'll own
• Unified control framework - Build and maintain a single, unified control framework mapped to DORA, ISO 27001, SOC 2 Type 2, and GDPR. Each control should be defined once - with clear ownership, technical implementation details, and evidence sources - and mapped across all relevant standards.
• ICT risk management - Own the ICT risk management framework and register (based on ISO 27005 or equivalent). Identify, assess, track, and report ICT risks. Collaborate with the Risk team to integrate ICT risks into the group-wide enterprise risk framework.
• GRC automation - Automate everything you can: evidence collection, control testing, reporting, policy acknowledgements.
• DORA compliance - Own the DORA compliance program: gap analysis, remediation tracking, ICT risk management framework.
• Security incident management - Own security incident classification and regulatory reporting to BaFin (with CISO sign-off).
• Business continuity - Own the BCM program, including BCP maintenance, testing, and BIA updates.
• Audit readiness - Coordinate ISO 27001 and SOC 2 Type 2 audits end-to-end. Manage evidence collection, auditor relationships, and remediation tracking. Goal: continuous audit-readiness, not fire drills.
• Asset and data classification - Own the classification schema and ensure assets and data are classified and maintained.
• Security vendor assessments - Perform security due diligence on vendors and third-party applications.
• Policy management - Own the security policy lifecycle: drafting, reviews, version control, stakeholder sign-off.
• Security awareness - Own and run the security awareness program.

• Automation-first - Your instinct is "how do I automate this?" before accepting manual work.
• Ownership without ego - You own your domain but collaborate cleanly with Legal, Risk, and Engineering.
• Pragmatic, not dogmatic - You know when to follow the framework and when to adapt it to reality.
• Clear communicator - You can explain a control gap to an auditor, a board member, and an engineer - differently.
• Calm under audit pressure - You've been through audits and know how to stay organized when everything is due yesterday.
Benefits
• An attractive compensation package, including our company stock option plan
• An annual learning budget of 600 euros
• Access to our mental health and wellbeing offering, including 1-on-1 coaching sessions
• An Urban Sports Club membership
• 20 days of work from abroad

• Moss is a SaaS scale-up founded in Berlin, with a team of 300+ people from 50+ nationalities in 5 offices across Europe.
• Our ambition is bold: to power every SMB’s spend across Europe - fully digital, AI-driven, and seamlessly integrated for complete control. To date, over 5000 businesses in Germany, Netherlands and the UK use Moss’ leading spend management product, with modules such as corporate cards, accounts payables, employee cash reimbursements and procurement.
• Moss has raised a total of €180 million in funding and is backed by the most renowned tech investors including Valar Ventures, Tiger Global, Global Founders Capital, Cherry Ventures and A-Star.
• Be part of a culture that thrives on impact and speed, where you can take bold moves, learn fast and accomplish more. We’re a place where you can fast track your career - here's what else to expect:
• Top-of-market compensation package, including equity.
• Our vibrant offices are at the heart of our culture, where in-person time fuels collaboration and connection over weekly breakfasts and Friday demos.
• Additional benefits include: 20 days “work from abroad”, 600EUR/GBP Learning & Development Budget, and other local benefits.
• Unless stated otherwise, benefits apply to full-time positions (interns and working students receive a tailored package).
• By applying for the above position, you will confirm that you have reviewed and agreed to our Data Privacy Policy.