IT Security Officer IAM (ITSO-IAM) (all genders)
Aspen Separation GmbH
Düsseldorf, Germany
17 days ago
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English, German
Experience level: Intermediate
Job location: Düsseldorf, Germany
Tech stack
Microsoft Windows
Microsoft Active Directory
Confluence
JIRA
User Authentication
Computer Security
Identity and Access Management
Information Technology Operations
Virtual Private Networks (VPN)
Role-Based Access Control
Azure
User Provisioning Software
Software Vulnerability Management
Documentation System
Information Technology
Patch Management
Nessus
Microsoft Sentinel
Qualys
Job description
The company's IT is subject to strict financial supervision; the European DORA Regulation has been in force since 2025. This sets out comprehensive requirements for the relevant IT processes, in particular for IT operations and IT infrastructure. Your role with us will include the following:
- Enforce security policies across on-prem and Microsoft 365 environments
- Ensure alignment of third-party providers with internal security standards
- Validate and monitor security logs from both on-prem infrastructure and workspace
- Coordinate incident response between internal teams and third-party providers
- Supervise vulnerability management and ensure timely remediation of identified risks
- Verify patch management processes performed by third-party providers
- Lead security awareness and ensure proper user security practices
- Support the implementation, maintenance and continuous improvement of identity and access management (IAM) processes and controls in line with regulatory requirements (e.g. DORA, BaFin, ISO 27001)
- Ensure proper execution of joiner, mover and leaver (JML) processes, including user provisioning, modification and deprovisioning
- Oversee Identity & Access Management (IAM), including MFA, RBAC, and privileged access reviews
- Support internal and external audits by preparing access control evidence and tracking remediation actions
Requirements
We are looking for a structured, security-focused and detail-oriented professional with an interest in identity and access management within regulated environments.
You are comfortable working with audit requirements and ensuring traceability and control effectiveness.
- 2-5 years of professional experience in IT Security, IAM or Cybersecurity, ideally in a regulated environment
- Degree in Information Technology, Computer Science, Cybersecurity or a related field
- Good understanding of IAM principles, including JML processes, access reviews, segregation of duties and privileged account management
- Experience supporting audits, access control reviews and remediation follow-up
- Good understanding of IT security frameworks and regulatory requirements (DORA, BaFin, ISO 27001, GDPR)
- Familiarity with authentication and authorization mechanisms
- Ability to review configurations and challenge technical setups
Tools & practical skills:
- Familiarity with directory services and IAM tools (e.g. Active Directory, Microsoft Entra ID, IAM / IGA (Identity and Governance Administration) solutions)
- Experience with ticketing and documentation tools (e.g. Jira, Confluence)
- Ability to query and investigate logs (Microsoft Sentinel or other SIEMs), detect anomalies, and trace incidents
- Understanding of firewalls, VPNs, segmentation, and traffic flows (even if managed by a provider, you must validate and challenge)
- Experience with scanners (e.g., Nessus, Qualys) and ability to interpret results and prioritize remediation
- Basic understanding of authentication methods (MFA, SSO, Conditional Access)
- Experience documenting processes, controls and audit evidence
- Ability to challenge third-party configurations (ask the right technical questions, review configs, not just reports)
- Structured and reliable working approach
- Team-oriented mindset with strong communication abilities
- Fluent English and German, both written and spoken (C1/C2 level required)
Benefits & conditions
- The opportunity to design and develop the IT Security for the future within a dynamic, growing company
- Flat hierarchies, quick decision-making processes and an agile working environment
- An attractive remuneration package, flexible working arrangements and a modern working environment
- A modern office in a convenient location in Düsseldorf
- Hybrid working model (2-3 days per week onsite in Düsseldorf)
- A collegial, highly motivated team
About the company
BlackFin Capital Partners is seeking an IT Security Officer IAM (ITSO-IAM) (all genders) to join the team at a new portfolio company in Germany.
The company in question is one of the leading asset management firms in Germany and offers institutional investors solutions for structuring diversified investment portfolios. The company currently manages assets under administration totalling over €400 billion.
To strengthen our team, we are looking for colleagues who will work with us to build and further develop the company.
BlackFin Capital Partners is an investor specialising in Europe, focusing on investments in financial services companies with growth potential. BlackFin established a branch in Frankfurt in 2018 and has been actively investing in the DACH region since 2013. The company currently manages a fund volume of over €4 billion and invests capital from its two most recently launched funds: the BlackFin Financial Services Fund IV with a volume of €1.8 billion and the BlackFin Tech 2 with a volume of €390 million.
About the company's IT:
As with all financial firms, IT is of paramount importance to our company. The company's products and services are supported by around 60 specialised IT application systems. These are mostly standard software, such as Simcorp Dimension as the central fund accounting system, supplemented by a number of in-house developed systems as well as systems for corporate functions such as financial accounting, HR, compliance and non-financial risk management.
Whilst the systems for the core business are mostly operated on-premises in two data centres belonging to a European IT infrastructure service provider, cloud-based SaaS solutions are increasingly being used for corporate functions.
Naturally, all employees are equipped with the relevant IT workplace functions, which are expected to be procured and operated via an IT service provider.