Head of IT Audit (f/m/d)

Solaris is a tech company with a full German banking license. Our Banking-as-a-Service platform enables businesses to offer their own financial products. With our straightforward APIs, our partners can access and integrate a wide range of solutions such as digital banking, payments, cards, identification and lending services. As a market leader we are driven by bringing transformational change to the financial services industry.

We love what we do and we love our team. We are 400+ and over 60 nationalities - a unique blend of techies, fintech enthusiasts, bankers and entrepreneurs from various industries. Our routines are built around genuinely valuing and exchanging different perspectives as well as actively sharing knowledge as we drive our business as a team. We believe and invest in personal growth.

As Head of IT Audit, you will lead our IT Audit function with group-level responsibility as part of the 3rd Line of Defense. You will shape and execute a risk-based IT audit plan across our entities and relevant institutes, identifying and assessing key technology and security risks, while ensuring full alignment with supervisory and regulatory expectations, including BAIT, MaRisk, KWG, IT-Grundschutz, and relevant ISO standards (e.g., ISO 27001).

Your Role

• Represent the IT Audit department internally and externally (incl. regulators, Audit Committee, and key stakeholders).

• Provide disciplinary leadership of the IT Audit team, including staffing and capacity planning, coaching, and development.

• Own audit planning for IT Audit (risk assessment, annual plan, scoping, prioritization).

• Drive the continuous improvement of IT audit methodology and related internal audit processes (e.g., ToD/ToE approaches, reporting standards)

• Steer and monitor IT audits at both group and entity level; ensure timely delivery and high-quality outcomes.

• Manage and oversee external service providers supporting Internal Audit (IT-audit related), including performance, quality, and deliverables.

• Ensure quality assurance for IT audit workpapers, reporting, and adherence to Internal Audit standards (IT-audit related).

• Independent preparation and conducting of IT audits, incl. drafting of audit reports and coordination with stakeholders

• Participation in the review and assurance of the internal control system, compliance, security and efficiency of IT processes and systems

• Follow up review of internal and external audit findings

• Balance audit independence with constructive collaboration across IT, Risk, Compliance, and Operations.

• Translate complex IT risks into clear, actionable insights for the Board, Audit Committee, and regulators.

We'd love to see

Depending on your level of experience, your responsibilities and scope of role will range. We don’t care much about fancy titles, but rather about real personal and professional development, as laid out in our learning framework. Let’s figure together out how you can contribute to our team.

• 7- 10 years in IT / IT risk / cybersecurity / audit, ideally in banking or fintech, including 5+ years in IT audit or a related consulting/audit environment with strong exposure to BAIT/MaRisk/KWG/ISO/IT-Grundschutz.

• Education degree in Business Informatics, Information Technology, Computer Science, Cyber Security, Information Security or similar field.

• First proven leadership experience leading, mentoring and guiding IT auditors.

• Experience as an IT auditor or IT risk consultant in auditing techniques (ToD and ToE).

• Familiar with COBIT, ITIL, ISO 27001, MaRisk, DORA, BAIT, PSD2, GDPR, NIST.

• Technical Competencies in Core banking systems, cloud-based infrastructures, API-driven platforms.

• Experience with regulator interactions, audit committees, and board-level reporting.

• Deep understanding of threats, incident management, encryption, identity & access management, GDPR compliance.

• Ability to align IT audit plans with the bank’s risk appetite and growth strategy.

• Familiarity with outsourcing/vendor risk management in financial services.

• Regulatory & Risk Knowledge with a strong grasp of EBA, MaRisk, ECB guidelines, especially regarding IT risk, outsourcing, and cloud usage in banking.

• Good understanding of an audit software and audit tools.

• Start-up or scale-up experience - a strong comfort level operating in an environment with fast-paced, evolving fintech environment, ambiguity, and constant change.

• Fluent German and English communication skills.

• CISA / CISSP certifications is nice to have.

Working Model:

• If you’re working from Berlin, we’d be happy to have you in the office two days per week.

• If you’re based elsewhere in Germany, we ask that you travel to Berlin for a few days each month for stakeholder collaboration, and other important onsite touchpoints. Monthly trips are reimbursed in line with our travel policy.

Benefits

• Home office budget.

• Learning & development budget of €1000 per year and a transparent growth framework to support your career goals.

• Competitive salary and a variable remuneration program.

• Monthly meal allowance.

• Deutschland ticket subsidy.

• 28 vacation days, increasing by 2 days after 2 years and 3 days after 3 years with Solaris.

• Opportunity to work abroad for up to 12 weeks per year.

While job ads usually paint an ideal picture of a candidate, studies show that most applicants meet an average of 60% of the criteria. Unfortunately, many promising candidates tend to apply only if they meet all the criteria. So if you think you have what it takes, but don't necessarily meet every single item in the job description, please contact us anyway. We'd love to talk with you and find out if you might be a good fit for us.

At Solaris, we are committed to nurturing an inclusive environment, where all Solarians feel valued, respected and supported. We are dedicated to building a diverse workforce that reflects the diversity of our communities. We are committed to equal employment opportunity regardless of color, ethnicity, religion, sex, origin, disability, marital status, citizenship, or gender identity. We are proud to be an equal opportunity workplace. If you have a disability or special need that requires accommodation, please let us know.

Information on data processing:

DE: https://www.solarisgroup.com/gdpr_notice_de
EN: https://www.solarisgroup.com/gdpr_notice_en

To all recruitment agencies: Solaris does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Solaris employees or any other venture in our ecosystem. Solaris is not responsible for any fees related to unsolicited resumes.