Lead IT Risk Manager
HV Capital is a European venture capital firm that provides capital and support to bold founders across multiple stages and industries. With 26 years of experience, they have backed companies across AI & Enterprise Software, Deep Tech, Resilience & Defence, FinTech, and Consumer sectors.
About HV Capital
HV Capital is a venture capital firm with 26 years of experience investing in European innovation across multiple industries and business cycles. The firm backs founders from early stage through growth, spanning multiple fund generations, with a portfolio that includes companies in AI & Enterprise Software, Deep Tech, Resilience & Defence, FinTech, and Consumer sectors. Notable portfolio companies include NEURA Robotics, Zalando, n8n, Isar Aerospace, Quantum Systems, ARX, and Scalable Capital, with several portfolio companies having reached IPO. HV Capital has approximately €2.89 billion in assets under management and works with founders across multiple disciplines and team perspectives.
Skills
About the Role
You will play a pivotal role in owning and evolving the IT Risk Framework within the second-line risk function. Operating in a highly growth-oriented and regulated financial services environment, you will bring a strong blend of technical governance expertise, independent challenge capabilities, and strategic stakeholder management. You will serve as the primary second-line authority for IT risk matters, providing oversight to the first-line IT GRC team, leading comprehensive risk assessments, and ensuring strict alignment with the overarching Risk Appetite Framework.
Requirements
- University degree in Computer Science, Information Technology, Information Security, or an equivalent academic/professional background
- Minimum of 5+ years of progressive professional experience in IT Governance, Risk, Compliance, and Security (IT GRC / IT Security) within a regulated financial institution, bank, fintech, or fast-scaling B2B platform environment
- Deep operational understanding of IT governance standards (e.g., ISO 27001), regulatory risk requirements (BaFin BAIT/MaRisk), and modern resilience standards like DORA
- Exceptional verbal and written articulation skills in English, with a proven ability to engage credibly with a multilingual international stakeholder base, technical engineering leads, and C-level executives
- A strong product engineering and security-focused mindset, combined with commercial pragmatism and the ability to operate confidently under ambiguity
Responsibilities
- Own and evolve the IT Risk and Business Continuity Management Framework within the second line, keeping it scalable as the business grows
- Provide independent second-line oversight and challenge to the first-line IT GRC team on the design and effectiveness of IT controls
- Lead IT risk identification, assessment, and mitigation across cyber, technology resilience, third-party, and data security, linking back to the Risk Appetite Framework
- Mature the ISMS by guiding policies, standards, and procedures with the relevant process owners
- Define baseline controls and run continuous ISMS maturity assessments against ISO/IEC 27001:2022 and related standards
- Oversee third-party IT risk, internal technology exposures, and business continuity assessments
- Drive second-line assurance reviews and deep-dives across critical IT risk domains, reporting findings and tracking remediation to closure
- Support internal and external audits, including IT General Controls (ITGC) and Application Controls
- Run preliminary internal IT audits to prepare engineering, product, and business teams for official engagements
- Lead Upvest's DORA obligations, including ICT risk management, incident classification, and third-party ICT risk oversight
- Track the regulatory landscape (BaFin, EBA, ESMA, ECB) and translate requirements into actionable risk guidance
- Act as the primary second-line contact for IT risk, reporting posture and material risk events to senior stakeholders, the C-suite, and the Risk Committee
Benefits
- €20,000 per year to spend on AI tools
- 30 days of annual leave
- Sports benefits
- Confidential professional coaching
- Flexibility to work remotely abroad for up to 183 days a year
- One-month fully paid sabbatical after every 4 years of working at Upvest
- Personal development budget
- Flexible work environment across hubs in Berlin, London or Tallinn, hybrid or remote across Europe
- Competitive salary and participation in employee equity program
- Company-wide events such as UpFest, dinners, offsites and Holiday party
