IT Security Manager – Risk, Compliance & DORA (m/f/d)

About us

Since its founding in 2000, the CEE Group has been synonymous with holistic expertise in renewable energies. As a fully integrated asset manager, we have specialized in the repowering and hybridization of our own existing facilities in addition to the acquisition of solar, onshore wind and storage projects. From project acquisition to commissioning and beyond, we focus on quality, innovation and sustainability. By using state-of-the-art technologies and sustainability concepts, we aim to achieve optimal returns for investors while promoting environmental protection. Long-term, trusted partnerships with all stakeholders form the foundation for our sustainable success in the dynamic renewable energy market. At our location in Hamburger City, we have already implemented 104 projects in Europe with 2.2GW(p) rated performance with over 130 employees and manage a total of about 2.8 billion. EUR AuM in various investment funds and special clients. Further information: www.cee-group.de

Your employer actively shape the successful energy transition and become part of the CEE Group IT team at Hamburg City

IT Security Manager - Risk, Compliance & DORA (m/w/d) It's waiting for you You are responsible for the further development and effectiveness of our DORA information security and resilience framework – in close coordination with risk management, ISB, IT, outsourcing management, internal audit and management. With pragmatism, depth and care, you make sure that regulatory requirements are not only met, but become operationally viable.

Your tasks at a glance:

End-to-end control of the DORA implementation programme (priorization, roadmap, milestones, status reports). Conducting gap and ripeness analysis against DORA, MaRisk/KAIT, BAIT and EBA/EIOPA/EBA-ICT guidelines (if relevant). Current improvement of ICT risk management, including risk assessment, KRIs, risk register and treatment. Definition of Impact Tolerances, implementation of BIA, development/performance of BCM/DR tests. DORA-compliant control of critical ICT service providers: due diligence, contractual clauses, performance and risk monitoring, exit strategies. Planning and carrying out tests of digital operational resilience (e.g. scenario/crisis exercises, Red team/Pen tests – proportional to the profile). control and monitoring of internal and external audits; Management of findings up to timely processing. Preparation of regulatory reports/ notifications (e.g. incident reports) and communication with the supervisor.

That's what you bring

Completed studies in (economic) informatics, information security, risk/compliance or comparable. Multiannual relevant professional experience in information security/ICT risk management, of which ideally two years with focus on DORA or comparable frameworks (e.g. NIS2, ISO 27001, BAIT/KAIT, EBA/EIOPA guidelines). Experience in regulated financial environments (KVG, banks, insurance, FinTech). Deep understanding of DORA requirements: governance, ICT risk, incident management, resilience tests, third-party risks, notifications and information exchange. Confidence with relevant standards/frameworks: ISO/IEC 27001/2, NIST CSF, COBIT, ITIL, BCM/ISO 22301. Practice in audit preparation, audit management and handling of supervisory authorities. Sovereign handling of GRC/ISMS tools, ticketing and CMDB systems, risk assessment methods and KPI/KRI dashboards. Ability to make guidelines, controls and contracts (ICT outlays) regulatoryly clean. Structured, solution-oriented operation with high responsibility for earnings. Ability to communicate complex issues in an address-oriented manner – from the developer team to the board. Team spirit, stability, pragmatic mindset and motivation to actively strengthen the resilience of our organization. Very good knowledge of German (min. B2), good knowledge of English.

We offer you

independent work with corresponding freedoms and flat hierarchies Work in a young and innovative growth industry, in a modern office in the city centre of Hamburg High-motivated and valuable team Focus on sustainable action Attractive salary package incl. variable share Occupational pension and accident insurance Grants for the HVV Professional Ticket and Sports Program Operational health management Hybrid working time model with the possibility of working mobile up to 2 days per week 30 days holiday (December 24/31) and special holiday on special occasions