Information Security Officer (m/f/d) Everyone's story matters. Come shape your story with us at Riverty. But where does that take you?
To one of our 30 hybrid workspaces – designed for exchanging ideas, learning from others, and shaping the way we work. An international community of over 4,000 people, representing almost 80 nationalities across 11 countries. United by one mission: Combining empathy, advanced technology and data-driven insights to keep people and businesses in flow. With payments made for them. So that they don't have to worry about it.
And there's more: We are part of the family-owned Bertelsmann group. Established. Corporate. In a fast-paced industry. We enable flexible payments in various industries, simplifying the financial management of known brands and helping people repay debt to build financial confidence. In short: shaping FinTech. In this role, you will be based in Luxembourg, working from RTL Group's “RTL City” office on Boulevard Pierre Frieden in the Kirchberg district. RTL Group S.A. is a Luxembourg-based international media company and one of eight divisions of Bertelsmann, playing a key role in the group's revenue and operating profit.
We are looking for an
Information Security Officer (m/f/d) (unlimited, full-time) Join our team at our location in Luxembourg – flexible working conditions available to build the next generation fintech.
We are looking for an Information Security Manager for a regulated institution that is subject to the Digital Operational Resilience Act (DORA). This role will strengthen our 2nd Line of Defense within the entity and ensure sound coordination of our consulting and assurance teams, advise internal stakeholders on resilience-related domains like information security, ICT and security risk management, operational resilience and business continuity.
Key Responsibilities:
• Requirement Management: Stay up to date with new laws, regulations, and standards within the ICT Risk domain, and assess their business impact. Act as point of contact with the CSSF. • Engagement with stakeholders: Engage with stakeholders, including senior management, project team members, and external partners, to assign responsibilities and ensure pre-defined quality objectives are met. • Process Governance: Own and manage the process map, ensuring governance over more than 100 processes to track and execute according to quality objectives. Provide internal reports on the activities, covering consulting, assurance, and overarching functions. • ICT Risk Management: Managing the ICT Risk Management Roadmap as a strategic change o Managing response to change in regulatory requirements relevant to ICT Risk Management • Resilience Testing: Plan, manage and ensure proper execution of the entity's resilience testing programme. Manage results and organize additional testing activities as required by utilizing internal/external consulting and assurance teams. • Awareness & Outreach: Develop and implement comprehensive awareness campaigns to promote information security practices and embed a culture of security and resilience within the organization. Utilize effective communication strategies to ensure all employees are informed and engaged with the initiatives.
Qualifications:
• A bachelor's or master's degree in Business Administration, Computer Science, or a related discipline is required. Advanced degrees or relevant certifications, such as CISSP, CISM, CCNP Security, etc. are a strong plus. • Minimum of 7 years in information security management, ideally in large-scale security organizations, with strong organizational and multitasking skills. • Strong knowledge of risk assessment methodologies (e.g. risk framework 27005), security frameworks (e.g., NIST, ISO 27001) and ICT Compliance regulations (EBA Guidelines on ICT & Security Risk Management, DORA, CSSF Circulars etc.) • Excellent verbal and written communication skills in English and preferably in German, with the ability to convey intricate security concepts to non-technical stakeholders effectively. • Strong analytical and problem-solving skills, with a proven ability to assess project management issues and formulate effective response strategies.
Equal Opportunity Employer Statement
We want to be a fair and inclusive employer. We value the diverse perspectives that a diverse workforce brings to the table. Therefore, we are actively looking for people who enrich our company through their identity, background and personal experiences, with or without a disability.