Remote
$185k–$284k
head
2 months ago
full-time
Your mission
As a Director, Information Security, your mission will be to ensure the protection, integrity, and confidentiality of our organisation’s information assets. You will manage and grow our GRC function in a regulated fintech environment. You’ll lead a small team (e.g., Associates to Senior Specialists), own the GRC operating rhythm (risk, controls, audits, third-party oversight), and ensure we stay continuously audit-ready while scaling responsibly. This is a hands-on leadership role: you will set direction, coach and develop the team, and partner with senior stakeholders across Technical Operations, Engineering, IT, Compliance, Risk, Legal, and Procurement to drive effective, proportionate security governance.
What you’ll do
- Strategy, governance & risk accountability: Define and maintain the multi-year information security strategy and roadmap aligned with business objectives, risk appetite, and regulatory requirements. Establish security governance: decision forums, risk acceptance thresholds, exception processes, and clear accountability across the organization. Ensure effective enterprise security risk management, including identification of material risks, treatment plans, and board-level reporting.
- Security program leadership (end-to-end): Lead, scale and oversee security capabilities across domains (GRC/ISMS, Security Operations, AppSec, Cloud/Infrastructure Security, IAM, Security Architecture). Ensure security is embedded into product and engineering delivery (secure SDLC, threat modeling, security-by-design guardrails). Define security standards, controls and minimum baselines; drive consistent implementation across entities, regions, and critical systems.
- Compliance, audits & regulatory engagement: Oversee external and internal assurance programs (e.g., ISO 27001, SOC 2, PCI DSS, partner assurance) and ensure continuous audit readiness. Lead/coordinate security-facing regulatory engagement: examinations, requests for information, remediation commitments, and follow-ups. Ensure security requirements are integrated with broader compliance obligations and operational resilience expectations.
- Third-party & supply chain security: Set third-party security strategy for critical suppliers (due diligence, ongoing monitoring, contractual security requirements, and exit/continuity considerations). Ensure oversight of outsourcing/critical ICT providers consistent with regulatory expectations and business criticality.
- Stakeholder management & security culture: Act as an advisor at all levels: communicate security risk in business terms and drive alignment on tradeoffs. Partner with Engineering, Product, IT, Compliance, Risk, Legal, Procurement, and Internal Audit to deliver outcomes. Champion security awareness and accountability across the company.
Who you are
- Typically 10–15+ years in information security, including leadership of multiple security domains and senior stakeholder management.
- Demonstrated success building and scaling security programs in regulated environments (fintech/financial services preferred).
- Experience in implementing ICT-related regulatory frameworks (e.g., DORA, BaFin).
- Strong grasp of security governance and risk management, plus practical understanding of modern cloud/security architecture and engineering practices.
- Proven experience with incident leadership and crisis management.
- Extensive experience with assurance and frameworks (e.g., ISO 27001, SOC 2, NIST), including translating requirements into operating programs.
- Excellent executive and technical communication: able to brief board/executive audiences and represent the company externally, as well as being able to discuss technical requirements and implementations with the First Line of Defence (1LoD).
What’s in it for you
- Flexibility to work where you thrive – Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
- Reward for your impact – Receive a competitive total compensation package aligned with Bitpanda’s pay-for-impact policy, including participation in our stock option plan.
- Support for your mental wellbeing – Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
- Time to recharge – Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
- Continuous learning and growth – Grow your skills and stay ahead in your career with unlimited access to Udemy’s library of online courses at your own pace.
- Exclusive perks and rewards – Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
- Support during life milestones – Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
- Create a productive workspace at home – Set up your home office exactly how you want it with a dedicated budget for comfort and productivity.
- Fuel and focus on-site – Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
- Recognition for your contributions – Celebrate milestones and achievements with recognition and rewards for your tenure at Bitpanda.
- Show your Bitpanda pride – Access exclusive Bitpanda-branded merchandise and gear to represent.
- Connect and celebrate with your team – Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration.