Senior It Risk & Controls Manager

At Zalando, our vision is to be inclusive by design. And this vision starts with our hiring - we do not discriminate on the basis of gender identity, sexual orientation, personal expression, ethnicity, religious belief, or disability status. You are welcome to leave out your picture, age, or marital status from your application. We only assess candidates on their qualifications and merit. ​

We want to provide you with a great candidate experience. Feel free to inform us of any accommodations you may need, so we can best support you throughout the hiring process.

do.BETTER - our diversity & inclusion strategy: https://corporate.zalando.com/en/our-impact/dobetter-our-diversity-and-inclusion-strategy
Our employee resource groups: https://corporate.zalando.com/en/our-impact/our-employee-resource-groups

As a Senior IT Risk & Controls Manager in our Risk, Controls & Business Continuity team at Zalando Payments, you will drive and steer the identification & evaluation of IT risks (Information risk) as part of our business/regulatory risk assessment process. Conducting risk assessments to identify potential vulnerabilities and threats to IT systems and data, and design and implement controls (together with the first line of defence) to mitigate these risks . You will also drive the ongoing development and implementation of our IT risk management framework. Designing and maintaining a framework related to IT general controls such as access management and change management controls, ensuring alignment with industry standards and regulatory requirements. Coordinating with internal and external auditors to facilitate ITGC audits, providing necessary documentation and evidence to demonstrate compliance with control objectives. Providing training and awareness programs to IT staff and other relevant stakeholders to ensure understanding of ITGC procedures and controls.

WHERE YOUR EXPERTISE IS NEEDED

• Be the go-to-person for all IT risk-related matters within ZPS - you will own and drive the topic;

• Drive the planning, preparation and execution of IT risk workshops for Zalando Payments GmbH (ZAG-regulated entity);

• Facilitate the maintenance and extension of the IT risk catalogue;

• Design and implement IT General Controls and countermeasures using COSO, COBIT or ISO standards

• Identifying opportunities for process improvement and efficiency enhancements within the ITGC framework

• Deliver in-depth risk analysis on information assets;

• Create risk reports on IT risk for the management round of Zalando Payments as well as for regulatory bodies (eg, BaFin).

• Work closely with the Information Security, Operational Security, as well as Engineering teams to improve the IT risk management framework within ZPS.

WHAT WE’RE LOOKING FOR

• Strong understanding of IT Risk & Controls management, as well as IT compliance frameworks and processes

• Already gained at least 3-5 years of professional experience in a similar role, preferably working in an international environment;

• Team player with strong communication skills in order to interact with stakeholders in different teams and at different hierarchical levels;

• Broad understanding of SOC2, ISO 2700-1/5 or any equivalent industry standards;

• Previous experience in the fintech industry is a plus, in addition to a deep understanding of ZAIT, MaRisk and DORA requirements.

• Excellent level of written and verbal skills in English (and preferably in German).

Our Offer

Zalando provides a range of benefits, here’s an overview of what you can expect. Ask your Talent Acquisition Partner to learn more about what we offer.

• Employee shares program

• 40% off fashion and beauty products sold and shipped by Zalando, 30% off Zalando Lounge, discounts from external partners

• 2 paid volunteering days a year

• Hybrid working model with 60% (or more) remote per week, actual practice is up to each team to best support their collaboration

• Work from abroad for up to 30 working days a year

• 27 days of vacation a year (for Zalando SE)

• Relocation assistance available (subject to prior agreement)

• Family services, including counseling and support

• Health and wellbeing options (including Gympass)

• Mental health support and coaching available