CYCAP Asset Management GmbH | Germany | 22xxx, 21xxx, 20xxx Hamburg | Permanent position | Full time / Home office | Published since: 30.03.2026 on stepstone.de
IT Security Manager – Risk, Compliance & DORA (m/f/d)
About us
CYCAP is a specialized asset manager for renewable energy. The company manages EUR 2.7 billion in assets under management across 9 investment vehicles and 103 wind and solar assets, with 150 employees at the Hamburg location. CYCAP combines 25 years of operational experience with fully integrated in-house expertise: fund management, deal sourcing, asset development with a focus on repowering and hybridization, active asset management, technical units, and a dedicated AI team as a structural competitive advantage. As the operator of the largest repowering fund in Germany, CYCAP stands for life cycle responsibility without third-party management and without fragmentation.
More information: www.cycap.com
Your employer
At CYCAP we take responsibility – not only for assets, but also for the people who manage them. As an employer, we offer an environment in which long-term thinking, collegial cooperation and operational excellence are not buzzwords but lived reality. Become part of a team that takes renewable energy into the future economically and sustainably. We are looking to strengthen our team in Hamburg as soon as possible with an:
IT Security Manager – Risk, Compliance & DORA (m/f/d)
What awaits you
You are responsible for the further development and effectiveness of our DORA information security and resilience framework – in close coordination with risk management, the information security officer (ISB), IT, outsourcing management, internal audit and management. With pragmatism, depth and care, you make sure that regulatory requirements are not only met, but become operationally viable.
Your tasks at a glance:
- End-to-end control of the DORA implementation programme (prioritization, roadmap, milestones, status reports).
- Conducting gap and maturity analyses against DORA, MaRisk/KAIT, BAIT and EBA/EIOPA/EBA-ICT guidelines (if relevant).
- Continuous improvement of ICT risk management, including risk assessment, KRIs, risk register and risk treatment.
- Definition of impact tolerances, implementation of BIA, development/performance of BCM/DR tests.
- DORA-compliant control of critical ICT service providers: due diligence, contractual clauses, performance and risk monitoring, exit strategies.
- Planning and carrying out tests of digital operational resilience (e.g. scenario/crisis exercises, red team/pen tests, proportionate to the risk profile).
- Control and monitoring of internal and external audits; management of findings through to timely remediation.
- Preparation of regulatory reports/notifications (e.g. incident reports) and communication with the supervisory authority.
That's what you bring
- Completed studies in (business) informatics, information security, risk/compliance or a comparable field.
- Several years of relevant professional experience in information security/ICT risk management, of which ideally two years with a focus on DORA or comparable frameworks (e.g. NIS2, ISO 27001, BAIT/KAIT, EBA/EIOPA guidelines).
- Experience in regulated financial environments (KVG, banks, insurance, FinTech).
- Deep understanding of DORA requirements: governance, ICT risk, incident management, resilience tests, third-party risks, notifications and information exchange.
- Confident command of relevant standards/frameworks: ISO/IEC 27001/2, NIST CSF, COBIT, ITIL, BCM/ISO 22301.
- Practice in audit preparation, audit management and dealing with supervisory authorities.
- Confident handling of GRC/ISMS tools, ticketing and CMDB systems, risk assessment methods and KPI/KRI dashboards.
- Ability to draft policies, controls and contracts (ICT outsourcing) in a regulatorily sound manner.
- Structured, solution-oriented way of working with a strong sense of responsibility for results.
- Ability to communicate complex issues in a way suited to the audience, from the developer team to the board.
- Team spirit, steadfastness, a pragmatic mindset and motivation to actively strengthen the resilience of our organization.
- Very good knowledge of German (min. B2), good knowledge of English.
We offer you
- Independent work with corresponding freedoms and flat hierarchies
- Work in a young and innovative growth industry, in a modern office in the city centre of Hamburg
- Hybrid working time model with the possibility of working mobile up to 2 days per week
- Highly motivated and value-adding team at a family-oriented employer
- Focus on sustainable action
- Attractive salary package including a variable component and occupational pension
- Subsidies for the HVV Germany ticket, bicycle leasing and sports program
- Discounted lunch in a nearby canteen
- Corporate health management
- 30 days holiday (plus 24.12. and 31.12.) and special leave on special occasions
Location
CYCAP Asset Management GmbH, 20095 Hamburg, Germany
The text of this ad was translated from German into English using an automatic translation system and may contain semantic and lexical errors. Therefore, it should be used for introductory purposes only. For more detailed information, see the original text of the ad.