Job Description

Unternehmensbeschreibung

About Finanzen.net Group

Finanzen.net Group is an innovative FinTech company that supports both private and professional investors in making informed investment decisions.

The group includes:

• finanzen.net – one of the leading financial information portals in the DACH region

• finanzen.net ZERO – a neobroker offering low-cost and secure trading of securities

• TraderFox – a provider of financial information and trading tools for professional investors and those aspiring to become one

Our Vision

We strive to be the best partner for our customers on their investment journey.

Growth and Acquisition

At the beginning of 2025, the Finanzen Group was acquired by Inflexion, a leading European private equity firm in the mid-cap segment. Inflexion supports ambitious management teams in developing and scaling high-growth companies sustainably.

As part of the acquisition, the previously independent business units are being strategically integrated. This realignment, combined with the group's strong innovative capabilities, creates new growth opportunities to further strengthen its position as a leading investment platform.

Working With Us

To successfully implement our growth strategy and value creation program, we are looking for talented individuals who want to actively shape this transformation.

We value personal exchange: we work hybrid – three collaborative days at one of our hubs in Karlsruhe, Munich, or Berlin, and two days remote.

Stellenbeschreibung

You are responsible for leading and maturing our information security posture across the finanzen.net Group (Zero, Finnet, TraderFox). Operating at the intersection of cyber risk, regulatory compliance, and business enablement, this role demands both strategic vision and hands-on operational leadership. As a regulated financial services organisation under BaFin scrutiny, the CISO will build a security programme that meets the highest standards of resilience; transforming our current baseline into a mature, risk-driven security capability that supports our ambitions in Neo-Brokerage and digital finance.

Core Responsibilities

Security Strategy & Governance:

• Shape and drive the Group-wide security strategy

• Turn regulatory requirements into clear priorities

• Close key gaps across assets, vulnerabilities, and third parties

Risk Management & Compliance:

• Build and run a DORA-aligned ICT risk framework

• Create transparency across risks and controls

• Report clearly to senior leadership and the board

Vulnerability & Threat Management:

• Roll out vulnerability management across the Group

• Reduce critical findings and remediation backlog

• Improve detection through stronger SIEM capabilities

Endpoint & Identity Security:

• Expand endpoint protection and MFA coverage

• Improve device health and security visibility

• Enforce consistent controls across all entities

Security Awareness & Developer Enablement:

• Build a stronger security-first culture

• Increase awareness training completion

• Enable developers through secure coding and champions

Incident Response & Assurance:

• Lead incident response and post-incident reviews

• Run regular backup and response tests

• Anchor assurance activities in daily operations

Third-Party & Supply Chain Risk:

• Strengthen third-party risk management

• Raise due diligence standards for vendors

• Reduce supply chain risk across the Group

Qualifikationen

Security Leadership & Regulatory Expertise

• Proven leadership in information security, ideally in regulated financial services or FinTech

• Strong knowledge of DORA, GDPR, BaFin, and common control frameworks such as CIS, ISO 27001, and SOC 2

• Experience leading audits, assessments, and regulatory reviews

Security Programme & Risk Management

• Track record of building structured, risk-driven security programmes

• Experience improving security maturity in complex or fast-growing environments

• Strong understanding of vulnerability management, remediation workflows, and risk reporting

Stakeholder Management & Execution

• Able to communicate security risks clearly to Board and senior stakeholders

• Strong cross-functional influence across Engineering, IT, Legal, and Compliance

• Proven ability to roll out security processes with measurable impact

Technical & Operational Expertise

• Solid understanding of security architecture across endpoints, identity, networks, and cloud

• Hands-on experience with SIEM, EDR/XDR, vulnerability scanning, and asset management tools

• Good awareness of AI-related security risks and secure AI adoption in regulated environments

Zusätzliche Informationen

You’ll join a modern work environment with over 250 colleagues, shaped by trust, flexibility, and genuine collaboration. You’ll work in a hybrid setup and use our office hubs in Karlsruhe, Munich or Berlin; complemented by up to 15 days of “workation” within the EU per calendar year.

We actively support your personal and professional development through training, seminars, and conferences in the dynamic fintech and stock/financial sector. We place great importance on an open, collaborative atmosphere, team spirit, and shared success.

You can also expect the following benefits:

• Modern office hubs & hybrid working

• Training and development opportunities in financial markets/investing

• Regular team events & a strong company culture

• Health & mobility benefits (bike leasing, public transport subsidy)

• Attractive financial benefits & additional perks

• An environment where you can contribute, grow, and feel comfortable