A customer of mine is a leading B2B trading institute for digital assets, providing financial institutions with deep liquidity across a range of digital assets. As a licensed securities institution, they enable seamless trading and investment through secure, regulated infrastructure.
They are seeking an experienced CISO / VP of Information Security, Risk, and Business Continuity Management to lead and advance their security and resilience framework.
The ideal candidate is a proven security leader with extensive experience in regulated financial environments, strong technical foundations in ICT risk, and the ability to implement pragmatic compliance solutions that support business growth.
What you'll do
- Ensure full compliance with financial regulatory requirements in information security, ICT risk management, and business continuity, including DORA, MaRisk, and MiCAR
- Assume full responsibility for all information security, ICT risk, and business continuity matters across the institute
- Drive the continuous improvement of the DORA implementation and IT initiatives focused on security and operational resilience
- Evaluate and enhance the effectiveness of the ICT risk management framework
- Monitor emerging technologies and cyber threats to adapt security strategy and resilience measures proactively
- Advise senior management on ICT risk tolerance and related measures to maintain targeted security levels
- Develop and maintain policies, procedures, and protocols for information security and ICT risk management
- Plan and coordinate crisis communication and recovery measures in case of security or ICT disruptions
- Conduct digital operational resilience testing to validate security and BCM measures
- Manage risks from third-party ICT service providers and coordinate the outsourced Data Protection Officer
- Oversee the detection, classification, treatment, and reporting of ICT-related incidents
- Deliver regular and ad-hoc reporting to senior management and relevant governance bodies
- Lead group-wide security awareness and training programs
What we're looking for
- A completed university degree in (Business) Informatics or equivalent certifications (e.g., ISO 27001, CISM, CISSP)
- Several years of professional experience in information security or ICT risk management within a BaFin-regulated financial institution or banking environment is essential
- Strong technical knowledge in IT infrastructure, network security, or related domains
- Deep expertise in regulatory requirements under DORA, particularly ICT risk management, incident management, and third-party oversight
- Hands-on experience in banking or fintech is mandatory, with knowledge of standard certifications such as ISO 27001 being a strong advantage
- Analytical, structured thinking with proven problem-solving skills
- Excellent communication and stakeholder management abilities
- Resilience, team orientation, and a proactive, hands-on mentality
- Fluency in both German and English, written and spoken

