4h ago

Senior Information Security Manager

Berlin

$150k-$200k / year (est.)

full-time, senior, Hybrid, finance

💼 About This Role

You'll own our security governance, risk, and compliance program, ensuring Moss meets BaFin regulatory obligations as a regulated EMI. You'll drive automation and continuous control monitoring to make compliance scalable and efficient. This senior individual contributor role offers ownership and autonomy with potential to grow the function.

🎯 What You'll Do

  • Build and maintain a unified control framework mapped to DORA, ISO 27001, SOC 2, and GDPR.
  • Own the ICT risk management framework and register based on ISO 27005.
  • Automate evidence collection, control testing, and reporting using GRC platforms.
  • Coordinate ISO 27001 and SOC 2 Type 2 audits end-to-end.

📋 Requirements

  • 5+ years of GRC experience in a regulated environment, ideally fintech or financial institution.
  • Hands-on experience with ISO 27001, SOC 2 Type 2, and GDPR.
  • Built or managed unified control frameworks mapped across multiple standards.
  • Hands-on experience with GRC platforms (e.g., Vanta, Drata, ServiceNow GRC).

✨ Nice to Have

  • Experience with DORA compliance.
  • Understanding of BaFin regulatory expectations.
  • Fluent German language skills.

🎁 Benefits & Perks

  • 💰 Attractive compensation with company stock option plan.
  • 📚 Annual learning budget of €600.
  • 🧠 Mental health and wellbeing offering with 1-on-1 coaching.
  • 🏋️ Urban Sports Club membership.
  • ✈️ 20 days work from abroad.

🚩 Heads Up

  • Role is senior but has no direct reports; potential mismatch for some candidates.