Information Security Officer in Berlin

Mambu is the leading SaaS core banking engine. If you’re a customer of the largest digital bank in the EU, then you’ve probably interacted with our platform and didn't even know it. We are at the heart of what makes digital banks and lenders work - the system that processes banking transactions and updates accounts and other financial records from deposits to loans and credit balances. But we are different. We are not just cloud-native, lean and flexible - we are helping to revolutionise financial services globally. We are in a growth phase and we’ve only just begun.

To help us on our mission, we bring together people with the best skills and attitude. It doesn’t matter where you are from, what matters is the impact you have and your passion to make a difference.

To continue our success story we are looking for an experienced Information Security Officer to join our team in Berlin.

The ISO is on a mission to lead different functions inside the security team. The goal is to sustain and enhance effective and scalable security functions inside the information security program, including development and growth of the security team.

The ISO works closely with the CISO, other executives and the information security team to prevent and react to information security incidents, and spread knowledge internally about existing security controls. They are supporting the company’s ISMS (Information Security Management System) and all related policies, procedures as well as maintaining its compliance with standards and supporting its certifications.

Your responsibilities will be:

• Information Security Program:
• Ensuring effective security controls, relevant low-level policies, processes and structures, along with defining roles and tools. Hiring skilled security professionals to support the implementation of the above items and owning 2-3 of the below functions:
• Incident response: Identifying security events and incidents, reporting on them and containing them to minimise the consequences. Operating lessons learned assessments to align the policies to reduce the likelihood of recurrence.
• Security and privacy enablement: Enabling teams and executives to make informed information security and data protection decisions, in line with acceptable levels of risk and internal and external policies. Allowing for greater protection of Mambu assets and limiting exposure to incidents and data protection breaches.
• Offensive security: Initiating detailed security tests for internal and external threats to ensure the policies within Mambu are consistently providing the necessary protection and using these tests to improve existing security controls where required.
• Security and privacy training: Educating the teams on security controls relevant for them and helping them keep themselves accountable within these teams and thereby reducing both the frequency and severity of security incidents. Helping teams pass on their own knowledge of policies, driving autonomy and reduced reliance on the security team.
• Security operations: Optimising information security processes through integrations and automation to deliver higher productivity and improve reaction times to incidents.
• Identity and access management: Support tool owners with definition and implementation of role based access control, review access requests, automating granting and adjustment of access rights for joiners, movers and leavers, as well reviewing actual system access.
• Keeping all controls, policies and procedures up to date based on industry standards and building a mentality of continuous improvement with new controls being added as necessary.
• Supporting compliance with relevant industry standards, contributing to certifications and assurance reports, and providing up-to-date documentation.


• People Management:
• Supporting security team members in their personal and professional development.
• Evaluating performance of security team members.
• Acting as the escalation point for security team members to help resolve conflicts.

Competencies:

• Functional Excellence: Broad knowledge in different technology domains (network, endpoints, cloud computing, application architecture), security concepts, security organisation structures, and related common information security management frameworks, such as ISO/IEC 27001, and NIST.
• People Management: Leader through example, open-minded active listener, mentor.
• Strong Motivator: Innovative thinking and motivational leadership with an ability to inspire and motivate cross-functional, interdisciplinary teams to think about information security at all times.
• Teamwork: Reaches out and cooperates with peers and supervisors to establish an overall collaborative working relationship, creates buy-in not by being direct, but by creating a robust basis for stakeholder decisions along the journey.
• Commitment: Stands up for Mambu’s values and betterment, raises objections to executives and peers if needed and does not give up before an acceptable outcome on a given topic is achieved.
• Flexibility/Adaptability: Adjusts quickly to changing priorities and conditions. Copes effectively with complexity and change. 
• Organisation: Plans, organises, schedules and budgets in an efficient productive manner. Focused on key priorities.