Barclay Simpson

Head of IT Security & IT Governance

Germany · Full-time · Director

Location: Stuttgart (Hybrid/On-site)

Department: IT Governance & Security

Reports To: Chief Information Officer (CIO)

Team Size: 8-9 direct reports

Salary: up to 140k total compensation + Company Car


About the Role

We’re seeking an experienced and visionary Head of IT Governance & IT Security to join our leadership team in Germany. This pivotal role sits in the first line of defence and reports directly to the CIO, with strategic responsibility for shaping and overseeing our IT governance, information security, and compliance frameworks.


You’ll lead a high-performing team of 8-9 professionals, driving regulatory compliance, cyber resilience, and governance excellence across all our IT operations. Your work will ensure alignment with German regulatory frameworks, particularly BaFin, and compliance with global standards such as DORA, ISMS, ITGC, and ISO/IEC 27001.


Key Responsibilities

Leadership & Strategy:

  • Lead and mentor the IT Governance & Security team, fostering a culture of accountability, performance, and continuous improvement
  • Collaborate with the CIO and senior leadership to define and execute IT governance and cybersecurity strategies
  • Champion a robust first line of defence model, ensuring proactive risk identification and mitigation


Regulatory & Standards Compliance:

  • Ensure full alignment with BaFin regulations and readiness for DORA (Digital Operational Resilience Act) requirements
  • Maintain, develop, and continuously improve the Information Security Management System (ISMS) in line with ISO/IEC 27001
  • Oversee internal controls in IT (ITGC), performing gap assessments and remediation activities


Cybersecurity Governance:

  • Define and enforce enterprise-wide security policies, standards, and guidelines.
  • Monitor emerging threats, evolving regulations, and industry trends to adjust security posture as needed.
  • Lead incident response planning, testing, and post-incident reviews.


Audit & Risk Management:

  • Support internal and external IT audits, including liaising with BaFin and other regulatory bodies
  • Implement frameworks to assess and monitor IT risks, controls, and vulnerabilities
  • Report on IT risk, security, and compliance metrics to senior leadership and governance committees


Requirements:

Essential:

  • Proven experience in a senior IT Governance and/or CISO role within the German Financial Services sector
  • Deep knowledge of relevant regulations and frameworks: BaFin, DORA, ISO 27001, ITGC, and ISMS
  • Strong understanding of IT risk management, cybersecurity best practices, and governance principles
  • Experience leading and developing diverse technical and compliance-focused teams
  • Fluent in German and English


Desirable:

  • Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor
  • Experience interacting with regulators, particularly BaFin
  • Knowledge of EU-wide IT and cyber regulations, including NIS2 and GDPR


Why Join Us?

  • Lead a critical function at the heart of our digital and regulatory strategy
  • Shape the future of IT governance and security in a fast-evolving financial services landscape
  • Work with an engaged leadership team in a purpose-driven, compliance-forward environment
  • Competitive compensation package and long-term career growth

Key Skills

Ranked by relevance

cybersecurity incident response
Posted: Apr 08, 2025

Type: Full-time

Level: Director

Location: Stuttgart Region

Industries

Financial Services

Categories

Information Technology
