About us

Hubject is the market and innovation leader in the eMobility sector. Together with our team, we develop ideas and deliver solutions for the eMobility market. This will become the most important growth topic worldwide in the coming years.

Our vision becomes our mission: We accelerate the EV ecosystem towards a sustainable mobility future.

Our Values are:

We are Curious

We are Ambitious

We are Accountable

We are Inclusive

These four core values shape our collective identity and guide us as we navigate challenges, pursue growth, and make a positive impact in our industry and beyond. We are curious. We are ambitious. We are accountable. We are inclusive.

At Hubject, we are dedicated to building a diverse and inclusive workforce. We welcome candidates of all backgrounds and experiences.

More about us

Hubject simplifies the charging of electric vehicles. Through its eRoaming platform, called intercharge, the eMobility specialist connects Charge Point Operators or CPOs and eMobility Service Providers or EMPs, thus providing standardized access to charging infrastructure regardless of any network.

With over one Million connected charging points and more than 2250 B2B partners across 63 countries and four continents, Hubject has established the world’s largest cross-provider charging network for electric vehicles by connecting CPO networks. In addition, Hubject is a trusted consulting partner in the eMobility market, advising automotive manufacturers, charging providers and other EV-related businesses looking to launch eMobility services or implement Plug&Charge using ISO 15118. In essence, Hubject promotes eMobility and its advancement worldwide.

Founded in 2012, Hubject is a joint venture of the BMW Group, Bosch, EnBW, Enel X, Mercedes-Benz, E.on, Siemens, and the Volkswagen Group. Hubject’s headquarters is located in Berlin, with subsidiaries in Los Angeles and Shanghai.

Your challenge

As our Senior ICT Risk Manager / Information Security Officer (all genders), you are responsible for the information security and ICT risk governance at Hubject Financial Services GmbH (HFS), a BaFin-licensed payment service provider (PSP) established in 2024. In this key position, you hold the dual mandate as the Information Security Officer (ISO) and the ICT Risk Control Function under DORA, operating within the second line of defense.

Your mission: strengthen HFS’s security posture, digital resilience, and governance maturity while contributing to our growth as a regulated FinTech at the intersection of payments and e-mobility.

Why Hubject Financial Services

Why Hubject

• We are a newly BaFin-licensed payment institution backed by Hubject GmbH — the global market and innovation leader in e-mobility services
• We operate at the intersection of payments, regulation, and e-mobility infrastructure, serving a fast-growing ecosystem of charge point operators, e-mobility providers, and partners across Europe You join a small, senior expert team, where your decisions have immediate impact and you help build governance structures from the ground up
• HFS benefits from being embedded in Hubject GmbH — backed by major industry players from the automotive, energy and technology sectors (BMW, Bosch, Mercedes, EnBW, Enel, E.ON, Siemens and Volkswagen) — giving our company the foundation to build cutting-edge payment services for e-mobility.

We also offer benefits across:

• Food & drinks (food subsidy)

• Mobility (BVG subsidy)

• Health & sports (Urban sports membership M)

• Learning and development (yearly training budget and Udemy learning platform access)

• Hubject Lifestyle (Voiio membership)

• Family-friendly environment (flex working time)

Your Tasks

You will shape the ICT risk and security governance of a newly established BaFin-regulated PSP from the ground up a rare opportunity in the German financial sector including:

ICT Risk and IS Governance & Management Framework

• Take formal responsibility as the Information Security Officer (ISO) and as the ICT Risk Control Function under DORA, ensuring effectiveness of HFS’s ICT and cyber risk management framework.
• Establish, operate, and continuously improve the Information Security Management System (ISMS) in alignment with ISO/IEC 27001, DORA, and business and risk strategy, ensuring appropriate policies, controls, and awareness measures are in place.
• Define Hubject FS ICT Risk Management Framework, including ICT risk taxonomy, scenarios and risk appetite.
• Ensure that all ICT risk-related processes are consistently designed and executed.
• Provide independent challenge to first-line assessments and ensure transparency of ICT risk exposure for management and supervisory body.

Incident Management & ICT Resilience

• You coordinate the Local Security Incident Response Team (LSIRT) and act as the central contact for information security incidents, ensuring appropriate escalation, documentation, and regulatory notifications.
• Support ICT operational resilience by aligning incident, continuity and recovery processes with DORA requirements.

Policies, Standards  and Security Culture

• Ensure that  ICT and security policies, standards, and documentation are consistent, up to date, and embedded effectively across all departments.
• Design and deliver awareness and training programs on information security and ICT risk topics, fostering a strong security and resilience culture across HFS.

ICT Third-Party Risk Management

• Perform and review third-party and ICT-outsourcing risk assessments, ensuring external providers and intra-group services meet security and operational resilience in line with DORA and internal standards.
• Contribute to ICT operational resilience by reviewing and challenging Business Impact Analyses (BIA), critical function mapping, and ICT Business Continuity and Disaster Recovery plans in line with DORA requirements
• Ensure oversight of continuity and recovery testing, validate outcomes, and follow up on remediation measures to guarantee readiness and resilience
• Align ICT-BCM governance with HFS’s risk appetite, incident management practices, and outsourcing arrangements

Reporting, Audit and Supervisory Interaction

• Prepare and deliver ICT risk and security reports for internal governance bodies, auditors, and supervisory authorities, ensuring a clear and consistent communication of the institution's ICT risk profile.
• Contribute to internal/external audits and BaFin inspections through clear analyses, professional reporting, and proactive recommendations.

Group Coordination

• Collaborate closely with the ISO of Hubject GmbH to ensure consistent alignment of ICT security and risk management practices across the group.Collaborate closely with the ISO of Hubject GmbH to ensure consistent alignment of ICT security and risk management practices across both organizations.

Your Profile

Professional Background

• 7+ years of professional experience in ICT risk management, information security, or operational resilience, within a financial-services or fintech environment.
• Expert knowledge of DORA, ISO/IEC 27001, and information-security best practices.
• Proven experience in establishing, managing, and improving an ISMS, including ICT and third-party-risk control processes.

Soft skills

• Project management skills, with the ability to work collaboratively with cross-functional teams, certifications such as CISSP, CISM, CRISC, CISA are a plus
• Connect ICT, security, business, and regulatory perspectives into a coherent strategic view and anticipates emerging risks and regulatory developments, adapting governance accordingly.
• Excellent communication and stakeholder-management skills; confident in engaging with management, auditors, and supervisory authorities.
• Entrepreneurial mindset and willingness to work hands-on in a small, international, senior expert team.

Language

Proficiency in written and spoken English; German language skills will be plus

Start date

April 2026 (or earlier)

Location

Onsite in Berlin

Hybrid system:

• 2 days per week at the office, 3 days remote
• EUREF Campus in Schöneberg in Berlin - Europe's hotspot for green technology and eMobility