Posted Apr 9
Senior Information Security Manager (f/m/d)
at Moss
Berlin, Germany (Remote)
Responsibilities
- Identify, assess, track, and report ICT risks.
- Collaborate with the Risk team to integrate ICT risks into the group-wide enterprise risk framework.
- Manage evidence collection, auditor relationships, and remediation tracking.
Requirements
- You'll drive automation, continuous control monitoring, and AI-assisted workflows to make compliance scalable and efficient.
- What you'll own:
  - Unified control framework: build and maintain a single, unified control framework mapped to DORA, ISO 27001, SOC 2 Type 2, and GDPR.
- Experience with ISO 27001, SOC 2 Type 2, and GDPR.
- Experience with DORA or strong familiarity with its requirements is a plus.
- You have designed or significantly evolved a risk management framework, whether based on ISO 27005, NIST, or a custom methodology.
- You understand how ICT risk integrates into enterprise risk management.
- You have hands-on experience with GRC platforms (e.g.
- You understand the 1st, 2nd, and 3rd line model and how to work effectively across functions.
- Our ambition is bold: to power every SMB’s spend across Europe, fully digital, AI-driven, and seamlessly integrated for complete control.
Benefits
- Our offer:
  - An attractive compensation package, including our company stock option plan
  - An annual learning budget of 600 euros
  - Access to our mental health and wellbeing offering, including 1-on-1 coaching sessions
  - An Urban Sports Club membership
  - 20 days of work from abroad
About Moss
- Moss is a SaaS scale-up founded in Berlin, with a team of 300+ people from 50+ nationalities in 5 offices across Europe.
- Moss has raised a total of €180 million in funding and is backed by the most renowned tech investors including Valar Ventures, Tiger Global, Global Founders Capital, Cherry Ventures and A-Star.
- We’re a place where you can fast track your career. Here's what else to expect:
  - Top-of-market compensation package, including equity.
  - Our vibrant offices are at the heart of our culture, where in-person time fuels collaboration and connection over weekly breakfasts and Friday demos.
  - Additional benefits include: 20 days “work from abroad”, 600EUR/GBP Learning & Development Budget, and other local benefits.
- Unless stated otherwise,
Contact
- Recognised by Sifted’s Rising 100 https://sifted.eu/rankings/b2b-saas-rising-100-2024 and LinkedIn's Top Startups https://www.linkedin.com/pulse/linkedin-top-startups-2024-20-aufstrebende-unternehmen-bjd0c/, we’re here to help propel your career and together, make Moss a lasting success.
- To date, over 5000 businesses in Germany, Netherlands and the UK use Moss’ leading spend management product, with modules such as corporate cards https://www.getmoss.com/corporate-credit-card, accounts payables https://www.getmoss.com/accounts-payable, employee cash reimbursements https://www.getmoss.com/reimbursements and procurement https://www.getmoss.com/procurement.
Additional details
- At Moss, we give finance professionals the power to automate their day-to-day and make forward-thinking decisions.
- Our team and culture make us unique — we’re driven by impact and growth, where every one of us strives to learn and excel.
- Our Information Security team is seeking an Information Security GRC Lead (f/m/d).
- This role owns our security governance, risk, and compliance program, ensuring Moss meets its regulatory obligations as a BaFin-regulated EMI while enabling the business to move fast.
- You'll report directly to the Director of Information Security.
- This is a senior individual contributor role with ownership and autonomy: no direct reports currently, but potential to grow the function over time.
- We're looking for someone who treats GRC as an engineering problem, not a paperwork exercise.
- GRC automation: automate everything you can (evidence collection, control testing, reporting, policy acknowledgements).
- DORA compliance: own the DORA compliance program (gap analysis, remediation tracking, ICT risk management framework).
- Security incident management: own security incident classification and regulatory reporting to BaFin (with CISO sign-off).