VP of Information Security, Risk and BCM

Job Description

A customer of mine is a leading B2B trading institute for digital assets, providing financial institutions with deep liquidity across a range of digital assets. As a licensed securities institution, they enable seamless trading and investment through secure, regulated infrastructure.

They are seeking an experienced VP of Information Security, Risk, and Business Continuity Management to lead and advance their security and resilience framework.

The ideal candidate is a proven security leader with extensive experience in regulated financial environments, strong technical foundations in ICT risk, and the ability to implement pragmatic compliance solutions that support business growth.

What you'll do

  • Ensure full compliance with financial regulatory requirements in information security, ICT risk management, and business continuity, including DORA, MaRisk, and MiCAR
  • Assume full responsibility for all information security, ICT risk, and business continuity matters across the institute
  • Drive the continuous improvement of the DORA implementation and IT initiatives focused on security and operational resilience
  • Evaluate and enhance the effectiveness of the ICT risk management framework
  • Monitor emerging technologies and cyber threats to adapt security strategy and resilience measures proactively
  • Advise senior management on ICT risk tolerance and related measures to maintain targeted security levels
  • Develop and maintain policies, procedures, and protocols for information security and ICT risk management
  • Plan and coordinate crisis communication and recovery measures in case of security or ICT disruptions
  • Conduct digital operational resilience testing to validate security and BCM measures
  • Manage risks from third-party ICT service providers and coordinate the outsourced Data Protection Officer
  • Oversee the detection, classification, treatment, and reporting of ICT-related incidents
  • Deliver regular and ad-hoc reporting to senior management and relevant governance bodies
  • Lead group-wide security awareness and training programs

What we're looking for

  • A completed university degree in (Business) Informatics or equivalent certifications (e.g., ISO 27001, CISM, CISSP)
  • Several years of professional experience in information security or ICT risk management within a BaFin-regulated financial institution or banking environment is essential
  • Strong technical knowledge in IT infrastructure, network security, or related domains
  • Deep expertise in regulatory requirements under DORA, particularly ICT risk management, incident management, and third-party oversight
  • Hands-on experience in banking or fintech is mandatory, with knowledge of standard certifications such as ISO 27001 being a strong advantage
  • Analytical, structured thinking with proven problem-solving skills
  • Excellent communication and stakeholder management abilities
  • Resilience, team orientation, and a proactive, hands-on mentality
  • Fluency in both German and English, written and spoken
