Information Security Officer (ISO) (w/m/d)

About the role: 

You will shape and manage our Information Security Management System and be an integral part of the Legal & Compliance team at Billie to foster Billie's compliance with applicable regulatory requirements in the area of Information Security. You will play a pivotal role in ensuring Billie's compliance with the regulatory requirements with regards to risk management (MaRisk), supervisory requirements for IT in Financial Institutions (BAIT), and supervisory requirements for IT in Payment Service Providers and E-Money Institutes (ZAIT). You will take Information Security Management at Billie to the next level and closely cooperate with the CTO as well as the Senior Management Team. The role includes the following tasks: 

• Taking over responsibility as the Information Security Officer of Billie and ensuring Billie's compliance with applicable regulations and standards.
• Implementation, development, review and regular assessment for compliance and effectiveness of the Information Security Management System (ISMS) in compliance with the applicable regulatory requirements as well as market demands (including an information security strategy, roadmap, related policies, procedures, guidelines, and controls).
• Maintain an up-to-date and comprehensive knowledge of Billie's products, services, policies, procedures, philosophy, and organizational structure as well as IT infrastructure and utilized IT systems.
• Create goal-oriented solutions  with regard to existing information security targets.
• Assessing and monitoring Information Security Risks throughout Billie (regularly and on an ad-hoc basis) and recommending safeguards designed to keep information security risks at acceptable levels.
• Analyzing the protection requirements of IT systems utilised by Billie and maintaining, monitoring and regularly reviewing Billie's Information Asset Register.
• Preparation as well as coordination of information security-related audits (i.e. serving as the main IT contact person for regulatory exams; documentation and leading efforts to remediate IT-related findings within appropriate timeframes).
• Supporting as well as improving existing ISMS processes such as: access control, security alerts, technical vulnerability assessment, outsourcing assessments, vendor assessments etc.
• First point of contact and escalation point for the whole company as well as third parties with regard to information security related questions, issues and incidents.
• Investigation and Reporting of Information security incidents as well as ensuring that appropriate processes for reporting, managing, analyzing, and escalating Information Security Incidents are in place.
• Ensure Information Security related controls remain effective and efficient.
• Preparation of regular reports on compliance with Billie's information security to the Management Board (including KPIs, measures, projects and initiatives).
• Providing documentation and information about Information Security related topics to Billie's employees to raise and uphold awareness of the importance of Information Security.
• Preparation and performance of internal training, presentations and workshops on Information Security. 
• Supporting the preparation and updating of the contingency plan with regard to information security issues.

Who we are looking for: 

• At least three years of relevant experience within the information security sector (preferably in the role as Information Security Officer in a company comparable to Billie or bigger).
• Sound knowledge in the field of Information Security and Information Security Management as well as in-depth knowledge of relevant regulations (§ 25 a KWG, BAIT/ZAIT, MaRisk, etc.) and standards (ISO 2700X, ITIL, IT-Grundschutz, SOGP, COBIT, etc.).
• Strong motivation, enthusiasm and affinity for information security, IAM and risk management.
• Enough technical competence to understand relevant concepts and support ongoing project and technology efforts.
• Structured, analytical, conceptual, calm, diligent and solution-oriented.
• Strong project management and self-organizational skills and experience in leading small teams.
• Ability to manage relationships with vendors which provide information security-related services.
• Keen perception as well as the ability to understand and explain complex topics.
• Professional certifications in audit (e.g. ISO 27001, SOC 2).
• Fluent written and spoken English and German.
• Strong communication and teamwork skills as well as commitment and flexibility round off your profile.

Nice to have: 

• Knowledge in the field of software development.
• Familiarity with security concepts in cloud environments (e.g. AWS).
• Knowledge of penetration testing, ethical hacking, bug bounty programs.