Operate as part of the Second Line of Defence (2LOD), providing independent oversight and challenge on information security controls, focusing on governance, regulatory alignment, risk management and reporting
Responsible for filing TPSA’s information security returns to the CSSF and responding to its enquiries; keep abreast of regulatory requirements and reporting obligations, including Tech and Cyber, DORA and IT incident management
Interact with Tide’s third party stakeholders in Europe such as partners and regulators on behalf of Tide Risk & Compliance Luxembourg
Define information security standards specific to Tide Platform SA operations, aligned with the global ISMS
Act as a thought leader for local information security requirements
Manage information security risk in accordance with Tide’s Global Risk Management Framework and applicable CSSF regulatory requirements
Manage Tide’s global ISMS with focus on people, process and technology controls in Luxembourg
Implement real-time compliance monitoring and risk management processes using modern GRC tooling and automation
Ensure alignment with information security control frameworks (ISO 27001, NIST, NIS2, DORA)
Conduct local information security risk assessments and control oversight and drive best practices globally
Work with 1LOD stakeholders to deliver information security risk treatment plans
Define and measure key risk indicators and interpret data from information security tooling to develop insightful risk reporting
Facilitate external audit requirements in Europe and support technology-related audits, coordinating and collating records, policies and documents for security and IT resilience topics
Reinforce a strong security culture and awareness throughout the business
Prepare and present regular reports on security posture, risk status, and compliance efforts to Tide Platform SA senior leadership, risk committees, key partners and regulatory bodies
Ensure Tide’s compliance with applicable EU and Luxembourg regulatory requirements and monitor regulatory developments
Requirements
A minimum of 10 years’ experience in information security GRC (governance, risk and compliance) roles
Experience interacting with financial regulators and government agencies in Luxembourg (e.g. CSSF, BCL)
Familiarity with DevSecOps within CI/CD pipelines, Infrastructure as Code (IaC), Zero Trust architecture, containerisation, microservices, and cloud-native development
Understanding of effective change management within agile, fast-paced environments
Experience using GRC tooling to monitor compliance and carry out risk management activities
Proven experience working at or on behalf of a technology-driven, financially regulated organisation
Implemented, maintained and supported an ISMS using ISO 27001
Experience with security control frameworks such as ISO 27001, NIST CSF, CIS Critical Security Controls, PCI DSS
Experience with audits applicable to information security, such as ISO 27001, RBI Systems Audit Report (SAR), SOC 2 and data localisation audits
Performed information security risk assessments and control oversight
Good technical knowledge in the field of information security
Led information security risk treatment projects
In-depth knowledge of payment security standards, data protection regulations, RBI Master Directions, and risk management frameworks
Relevant certifications such as CISSP, CISM, CISA are strongly preferred
Benefits
26 days holiday with the option to take 5 extra days of unpaid leave per year
1000 EUR professional L&D budget per year and access to Learnerbly (available after probation)
Extended Parental Leave
At least 3 days of paid leave for volunteering or L&D time off per year
Mental health support through Plumm
Flexible work from home; Tide contributes 50% of office equipment for remote working - up to EUR 200
Work and travel globally - up to 90 days per country outside of your home country (subject to internal policy)
Sabbatical Leave (detailed progressive unpaid/paid months after years of service)
Option to take your work device as your own (eligibility applies)