Grow with us! Universal Investment is on its way to becoming Europe's leading fund services platform and Super ManCo. We have provided innovative fund solutions for asset managers and institutional investors since 1968. We are also well established in Germany, Luxembourg, Ireland and Poland. From our offices in Frankfurt, Krakow, Luxembourg, Dublin, Paris and Stockholm, we continue to expand internationally. We are currently looking for entrepreneurial people who want to grow and share in the profits of our success.

The IT Risk Manager is responsible for the operational and strategic management of the entire IT Risk Lifecycle within the Group. This includes the design, implementation, and continuous improvement of IT risk management processes, governance structures, and supporting technologies to ensure compliance with internal policies and regulatory requirements.

Your tasks and responsibilities:

• Ownership of the full IT Risk Lifecycle, including identification, assessment, mitigation, monitoring, and reporting of IT-related risks.
• Operationalize the IT Risk Management framework and ensure alignment with the Group Risk Governance and Policy Frameworks.
• Perform evaluations of IT security concepts (target/actual analyses) and identify control gaps or potential risks.
• Conduct impact and scenario analyses in line with Group methodologies and regulatory requirements.
• Further develop the technological infrastructure supporting risk management processes (currently using BIC GRC as the core platform).
• Define and track remediation measures jointly with risk owners, ensuring timely and effective implementation.
• Integrate IT Risk Management processes into Group-wide risk management and governance activities.
• Develop comprehensive management reporting, dashboards, and metrics to enhance transparency and decision-making.
• Contribute to the continuous evolution of IT Risk Management processes in light of new regulatory, technological, and business developments.
• Collaborate with Information Security, IT Service Management, Business Continuity, and Audit functions to ensure holistic risk coverage.

Your skills and experience:

• University degree in Information Technology, Business Informatics, or a related field.
• Minimum 5–7 years of professional experience in IT Risk Management, Information Security, or GRC-related roles.
• Proven expertise in integrating GRC frameworks into existing IT and business processes.
• Strong knowledge of IT governance frameworks (COBIT, ITIL) and risk management methodologies.
• Solid understanding of regulatory requirements such as DORA, MaRisk, EBA Guidelines, CSSF Circulars, and Third-Party Risk Management.
• Familiarity with international standards like ISO 27001, NIST, ITIL, COBIT.
• Technical background in IT infrastructure, cloud computing, IAM, and IT service management processes.
• Experience with quantitative and qualitative risk assessment methods and tools.
• Audit experience, ideally including coordination or execution of IT and operational risk audits.
• Expertise in Business Impact Analysis and threat scenario modeling.
• Fluency in English
• Self-driven and intrinsically motivated professional with a proactive mindset.
• Solution-oriented with the ability to balance compliance and business needs.
• Experienced in communicating with regulators, auditors, and senior management.

What we offer:

• Private health care and travel insurance
• Life insurance
• Cafeteria Platform and sports package
• Company Pension Benefits – Employee Savings Plan
• Attractive Employee Referral Bonus Program
• Additional day off for charity
• Holiday subsidy („wczasy pod gruszą”)
• Internal German language lessons
• Possibility of working from home