Head of Cyber Security (f/m/d)

<p><strong>Solaris</strong>&nbsp;is a tech company with a full German banking license. Our Banking-as-a-Service platform enables businesses to offer their own financial products. With our straightforward APIs, our partners can access and integrate a wide range of solutions such as digital banking, payments, cards, identification and lending services. As a market leader we are driven by bringing transformational change to the financial services industry.</p> <p>We love what we do and we love our team. We are 500+ people from over 70 nationalities - a unique blend of techies, fintech enthusiasts, bankers and entrepreneurs from various industries. Our routines are built around genuinely valuing and exchanging different perspectives as well as actively sharing knowledge as we drive our business as a team. We believe and invest in personal growth.</p> <p>The Head of Cyber Security plays a critical role in strengthening Solaris’ cybersecurity posture. Reporting to the Director of Technology, you will lead and manage the full first line of cyber defence across the organisation and serve as the trusted face of Cyber Security - bringing clear expertise and credibility to every cyber security conversation with internal and external stakeholders.</p> <h4>Your Role</h4> <ul> <li><strong>Strategic Leadership:</strong> <ul> <li>Develop and execute a comprehensive cybersecurity strategy aligned with the overall business objectives and regulatory requirements.</li> <li>Drive a culture of security awareness and accountability throughout the organization.</li> </ul> </li> <li><strong>Team Management</strong>: <ul> <li>Lead, mentor, and develop a high-performing and semi-autonomous cybersecurity team consisting of 10 team members covering areas like: Offensive Security, Product Security, Cyber Defense Center, Platform &amp; Operations Security, Identity &amp; Access Management</li> <li>Provide guidance, support, and training to enhance the skills and capabilities of security professionals within the organization.</li> </ul> </li> <li><strong>Risk Management</strong>: <ul> <li>Identify, assess, and prioritize cybersecurity risks, vulnerabilities, and threats.</li> <li>Implement robust risk mitigation measures to safeguard all digital assets, products, services, customer data, and infrastructure.</li> </ul> </li> <li><strong>Governance and Compliance</strong>: <ul> <li>Ensure compliance with relevant cybersecurity laws, regulations, and industry standards, namely DORA, PCI DSS, SWIFT CSP and ISO 27001.</li> <li>Establish and maintain effective governance frameworks, guidelines, and procedures to support continuous improvement in cybersecurity practices, supported in the Information Security policies and business&nbsp;<br>requirements.</li> </ul> </li> <li><strong>Security Operations:</strong> <ul> <li>Oversee the operation and optimization of security technologies, tools, and processes on Preventive Security, Offensive Security, Product Security, Cyber Defense Center, Projects &amp; Architecture and Support and Operations in an effective way.</li> <li>Monitor the security posture of networks, systems and applications through proactive threat intelligence and security monitoring.</li> </ul> </li> <li><strong>Security Incident Response</strong>: <ul> <li>Lead the security incident response team in managing cybersecurity incidents and breaches promptly and efficiently.</li> <li>Develop and maintain incident response plans, playbooks, and communication protocols to minimize the impact of security incidents.</li> </ul> </li> <li><strong>Collaboration and Communication</strong>: <ul> <li>Foster strong partnerships and collaboration with internal stakeholders, including engineering, IT, risk management, product, compliance, legal, and other relevant business units.</li> <li>Communicate cybersecurity risks, initiatives, and outcomes effectively to executive leadership and board members where needed.</li> </ul> </li> </ul> <h4>We'd love to see&nbsp;</h4> <p>Depending on your level of experience, your responsibilities and scope of role will range. We don’t care much about fancy titles, but rather about real personal and professional development, as laid out in our&nbsp;learning framework. Let’s figure together out how you can contribute to our team.</p> <ul> <li data-start="116" data-end="235">Bachelor’s degree in Computer Science, Information Security, Information Technology, Engineering, or a related field.</li> <li data-start="238" data-end="348">Extensive, hands-on cyber security leadership experience, including a proven track record leading first-line cyber security teams, and implementing technical controls in regulated environments.</li> <li data-start="351" data-end="474">Demonstrated success designing and executing cyber security strategies and programmes in complex, regulated environments.</li> <li data-start="597" data-end="724">Strong knowledge of recognised frameworks and regulatory standards (e.g., NIST, ISO 27001, DORA, PCI DSS, SWIFT CSP, MaRisk).</li> <li data-start="727" data-end="792">Business-fluent English (written and spoken); German is a plus.</li> <li data-start="795" data-end="879">Strong analytical and problem-solving skills, with sound judgement under pressure.</li> <li data-start="882" data-end="978">Proactive, ownership-driven, and a collaborative partner to Technology and the wider business.</li> <li data-start="981" data-end="1081">Structured and hands-on working style; comfortable operating both strategically and operationally.</li> </ul> <p><strong>Working Model:</strong></p> <ul> <li>If you’re working from Berlin, we’d be happy to have you in the office<span class="Apple-converted-space">&nbsp;</span>two days per week.</li> <li>If you’re based elsewhere in Germany, we ask that you<span class="Apple-converted-space">&nbsp;</span>travel to Berlin for a few days each month<span class="Apple-converted-space">&nbsp;</span>for stakeholder collaboration, and other important onsite touchpoints.<span class="Apple-converted-space">&nbsp;</span>Monthly trips are reimbursed<span class="Apple-converted-space">&nbsp;</span>in line with our travel policy.</li> </ul> <h4>Benefits&nbsp;</h4> <ul> <li>Home office budget.</li> <li>Learning &amp; development budget of €1000 per year and a transparent growth framework to support your career goals.</li> <li>Competitive salary and a variable remuneration program.</li> <li>Monthly meal allowance.</li> <li>Deutschland ticket subsidy.</li> <li>28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years with Solaris.</li> <li>Opportunity to&nbsp;work abroad for up to 12 weeks per year.</li> </ul> <p>&nbsp;</p> <p><em>While job ads usually paint an ideal picture of a candidate, studies show that most applicants meet an average of 60% of the criteria. Unfortunately, many promising candidates tend to apply only if they meet all the criteria. So if you think you have what it takes, but don't necessarily meet every single item in the job description, please contact us anyway. We'd love to talk with you and find out if you might be a good fit for us.</em></p> <p>At Solaris, we are committed to nurturing an inclusive environment, where all Solarians feel valued, respected and supported. We are dedicated to building a diverse workforce that reflects the diversity of our communities. We are committed to equal employment opportunity regardless of color, ethnicity, religion, sex, origin, disability, marital status, citizenship, or gender identity. We are proud to be an equal opportunity workplace. If you have a disability or special need that requires accommodation, please let us know.</p> <p>Information on data processing:</p> <p><br><span class="s1">DE:&nbsp;<a href="https://www.solarisgroup.com/gdpr_notice_de"><span class="s2">https://www.solarisgroup.com/gdpr_notice_de</span></a><br></span><span class="s1">EN:&nbsp;<a href="https://www.solarisgroup.com/gdpr_notice_en"><span class="s2">https://www.solarisgroup.com/gdpr_notice_en</span></a></span></p> <p><strong>To all recruitment agencies:</strong> Solaris does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Solaris employees or any other venture in our ecosystem. Solaris is not responsible for any fees related to unsolicited resumes.</p>