
Information Security Controls Manager - Cloud & AI Governance
N26 is seeking an Information Security Controls Manager to join the Information Risk Management segment within its Information Security Controls team. The role focuses on operating the Information Security Controls Framework without disruption, with a specialized emphasis on strengthening cloud security posture and AI governance frameworks. You'll work across N26's complex international and regulatory landscape, communicating frequently with stakeholders at all levels, reviewing control evidence, highlighting risks, and supporting audits. The position requires roughly 4-6 years of experience in information security compliance, risk, or audit.
Responsibilities
- ▹Execute and review the Information Security Controls Framework monitoring process, covering cloud infrastructure and AI/ML deployments
- ▹Communicate, collate and review evidence received via monthly control review request tickets (TOE)
- ▹Perform QA reviews and seek clarification from stakeholders to confirm control effectiveness
- ▹Highlight gaps and risks, raise non-conformities (particularly cloud misconfigurations and AI model risks), and suggest improvements
- ▹Liaise with the CISO and DPO offices to provide monthly status updates on controls, including cloud security and AI compliance
- ▹Improve awareness of controls, security practices, and responsible AI use among stakeholders
- ▹Contribute to developing KRIs for traditional IT, cloud environments, and AI use cases
- ▹Review and update control design pages from a technical perspective and maintain the control calendar
- ▹Handle change requests, prepare and follow up on Change Request tickets
- ▹Draft and publish monthly control reports and other documentation (MoMs)
- ▹Support the team and stakeholders during audits, coordinating action items and evidence
- ▹Map internal control frameworks to cloud security benchmarks (e.g., CSA, BSI C5) and AI governance frameworks
Requirements
- ▹Bachelor's or Master's degree relevant to information security or computer science
- ▹Approximately 4-6 years of experience in an information security compliance, risk, or audit role
- ▹Demonstrated experience or strong knowledge of cloud security controls (AWS/Google Cloud preferred) and AI/ML governance risk frameworks
- ▹Knowledge of security standards such as ISO 27001, ISO 42001, NIST, BSI C5, and regulatory requirements like DORA, EU AI Act, EU CRA and EU GDPR
- ▹Good understanding of Information & Communication Technologies (ICT) and security controls
- ▹Proficiency with Jira, Confluence and Google Workspace apps, including Google Sheets features and formulas
- ▹Ability to analyze and evaluate documentation, reports, data, and flowcharts for IT processes
- ▹Fluency in English is strictly required
Nice to have
- ▹Previous experience with audit/compliance frameworks and methodologies
- ▹Previous experience with compliance tools (e.g., ServiceNow, OneTrust)
- ▹German proficiency
Soft skills
What we offer
- ▹Competitive personal development budget
- ▹Work from home budget
- ▹Discounts to fitness & wellness memberships, language apps and public transportation
- ▹Premium subscription on a personal N26 bank account, plus subscriptions for friends and family
- ▹Additional day of annual leave for each year of service
- ▹High degree of autonomy and access to cutting-edge technologies
- ▹Relocation package with visa support for those who need it
About the company
N26 has reimagined banking for today's digital world, building a global banking platform driven by technology and design, with no physical branches, paperwork, or hidden fees. Headquartered in Berlin with offices across Europe including Vienna and Barcelona, it has a 1,500-strong team of more than 80 nationalities and is committed to equal opportunities and an accessible candidate experience.