Own and strengthen company-wide security and compliance
Lead security efforts across infrastructure, applications, internal systems, and employee devices
Identify risks and vulnerabilities across the organisation and ensure they are addressed
Establish scalable security processes and best practices across teams
Own the organisation's compliance posture - define target frameworks, drive progress against them, and ensure requirements are reflected in day-to-day operations
Coordinate audits and external security work
Own relationships with external security firms and auditors
Lead the organisation through compliance framework certifications end-to-end
Plan and run security reviews and external audits, ensuring findings are tracked and resolved
Act as the internal authority on external security requirements and regulatory expectations
Build security awareness across the company
Define and own the company's security awareness and training programme
Drive application security
Own the Secure Software Development Lifecycle (Secure SDLC) across the engineering organisation
Work closely with engineering teams to ensure secure design and implementation of products — getting into the detail where needed
Personally review tools, frameworks, and architectures for security risks and ensure findings drive action
Own Web3 security
Bring a solid understanding of Web3-specific security risks — smart contract vulnerabilities, protocol exploits, wallet and key management, and on-chain threat vectors
Own AI Security
Identify and mitigate security risks related to AI-driven tooling, agents, and automation
Implement security tooling and automation
Own the security tooling strategy — defining requirements, evaluating solutions, and driving implementation
Establish monitoring standards, incident response processes, and security workflows
Ensure security is consistently embedded in engineering pipelines and tooling

Requirements

Proven experience owning or leading a security function — not just executing within one
Background in security engineering or architecture — you understand how systems are built and where they break
Experience building or maturing security programmes in fast-moving engineering organisations
Experience in a Web3 or payments fintech environment
Solid knowledge of key compliance frameworks including SOC 2, ISO 27001, DORA, MiCA, the EU AI Act, NIS2, and related standards
Experience guiding organisations through certification and audit processes end-to-end — not just familiarity with the frameworks, but having done the work
Strong understanding of modern application security practices
Experience with security reviews, threat modelling, and vulnerability management
Familiarity with cloud infrastructure security and developer tooling
Understanding of AI security risks and emerging attack vectors is a strong plus
Experience managing or mentoring security teams is a plus
Strategic thinker who can translate risk into priorities and communicate them clearly to leadership
Comfortable operating with autonomy in a fast-moving, ambiguous environment
Able to influence without authority across engineering and leadership
Proactive by default - you identify problems before they're escalated to you

Benefits

30 days of PTO
Flexible remote days
Flexible working hours
Equity participation from day 1
Entitlement to work computer (choice of equipment)
An annual 1,000€ personal development budget once you have worked 6+ months (pro-rated the first year)
A one-time 1,000€ remote budget to use on coworking, office setup, etc.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security engineeringsecurity architectureapplication securityvulnerability managementthreat modellingSecure Software Development LifecycleWeb3 securityAI securitysecurity toolingincident response

Soft Skills

strategic thinkingcommunicationinfluence without authorityproactive problem solvingautonomymentoringleadershiprelationship managementbuilding security awarenesstranslating risk into priorities

Certifications

SOC 2ISO 27001DORAMiCAEU AI ActNIS2