IT GRC Analyst
Berlin
Upvest is on a mission to make investing as easy as spending money. The company empowers businesses to offer a wide range of investment products and the best experience in the field of capital market investment and retirement planning. Upvest’s Investment API is easy to integrate so that fintechs and enterprises alike can save resources and fully focus on their core business.
Upvest is one of the few fintechs in Europe that can provide its B2B clients with the full range of investment opportunities in the areas of principal broking business, proprietary trading, and safe custody business for traditional securities. The company was founded in 2017 by Martin Kassing and currently employs more than 180 people across Europe. Its latest €100m fundraising round (Series C) was led by Hedosophia and Sapphire Venture, with continued support from existing investors including Bessemer Venture Partners, BlackRock, Earlybird, HV Capital, Motive Ventures, and Notion Capital.
We’re looking for fintech enthusiasts to join us in creating the financial infrastructure of tomorrow. We’re building the first European Investment API to enable any financial institution to offer a wide range of efficient and transparent investment products, such as stocks and ETFs in nominal, portfolio, and fractional forms.
We’re based in Berlin but are also open to hiring remotely in Germany or Estonia for this role. If you're currently based elsewhere but would like to move to Germany, we’re happy to support your relocation.
Your mission:
As an IT GRC Analyst, you will play a key role in strengthening Upvest’s security program, ensuring trust with clients, stakeholders, and employees. You will be responsible for maintaining world-class security and IT risk management systems and processes.
In this role, you will act as a central point of contact for IT Governance, Risk, and Compliance (GRC) inquiries across the organization. You will communicate, triage, and report issues and risks to the IT GRC team while overseeing critical aspects of our Information Security Management System (ISMS) from risk analysis to implementation, monitoring, and control of security measures.
Additionally, you will contribute to the development and enhancement of our Third-Party Management program, ensuring vendor security and compliance. This position blends methodological IT GRC responsibilities with operational assurance tasks, providing a well-rounded opportunity to drive security excellence within the organization.
This role will give you the opportunity to be deeply involved in:
IT Governance: Supporting and further developing our ISMS including the creation and implementation of policies, standards, guidelines and procedures in cooperation with the respective process owners.
IT Risk Management: Enhancing the IT Risk & Business Continuity Management Process. Conducting third party, internal risk and business continuity assessments.
IT Compliance Management: Defining and implementing baseline controls. Continuous ISMS maturity assessment based on ISO 27001/2022, DORA, etc.
IT Audit Management: Support in the coordination of the IT General Controls and Application Controls Audit. Conducting preliminary IT Audits to prepare the Business and Engineering teams. Planning, execution and reporting of IT Security audit as 2nd Line of Defence audit.
What you bring:
You have a University degree in the field of Computer Science, Information Technology/Security or equivalent work experience in the area of IT GRC/IT Security.
You have strong knowledge of IT Governance, Risk, Compliance and Security, with 3-5 years of experience.
You have excellent communication skills, written and oral, in English with the ability to engage with a multilingual international stakeholder base and teams at various levels (Sr. Management to C level).
Why Upvest?
We're working on solving a hard problem: fixing the European securities financial infrastructure that empowers more people to be able to invest. You have the opportunity to contribute to this change.
We invest in your growth with a dedicated development budget and plenty of opportunities to advance in your role.
We take hiring seriously with a strong focus on keeping a high bar when interviewing (equally important is that we hire decent people, who are passionate about their craft and helping us achieve our shared mission).
While we're not quite fully-remote, we are committed to being a flexible employer, as we understand you don't have to be in the office to do your best work.
We live a culture of empowerment, trust (that we hire the best people and get out of their way) and openness (there's a greater advantage in sharing information than keeping it to ourselves).
Our values:
Learn and grow. We aim high to shape our future. We give and request honest feedback knowing that we develop together. Progression over Perfection.
Team first. We make it easy for others. We value our differences and are open to others' opinions. We win and celebrate together! Team over Egos.
Own the outcome. Whether we win or we lose, we stand together. We are proactive and get the job done. Outcome over Process.
Tell the story. We always start with the why. We share knowledge to empower others. Transparency over Complexity.
Upvest is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Tags: APIs Audits C Compliance Computer Science FinTech Governance ISMS ISO 27001 Monitoring Risk analysis Risk management
Perks/benefits: Flex hours Relocation support Startup environment Transparency