Requirements:
— 7+ years in Information Security or Cybersecurity, including leadership roles.
— Experience in regulated industries (FinTech, Crypto, Banking) with strong knowledge of EU regulations (CASP/FMA, DORA, GDPR).
— Solid expertise with security frameworks and tools: ISO 27001, NIST, SIEM, EDR, IAM, incident response, vulnerability management.
— Proven experience managing major security incidents, forensics, and security risk assessments.
— Member of the DORA Committee.
— Strong background in compliance, audits, and collaboration with Legal, Compliance, and DPO.
— Excellent communication skills and ability to work with executive stakeholders and regulators.
— Relevant certifications are a plus (CISSP, CISM, CRISC, ISO
Responsibilities:
1. Strategy & Leadership
— Develop and implement a comprehensive information security strategy aligned with company goals and risk appetite.
— Lead the cybersecurity function, including governance, risk management, and compliance.
— Advise executive leadership and the board on security risks, threats, and emerging trends.
— Establish and maintain the organization's security vision, policies, and frameworks.
2. Risk Management
— Identify, assess, and monitor enterprise-wide cybersecurity and resilience risks.
— Maintain and regularly update the information security risk register.
— Ensure effective third-party and supply-chain security management.
— Implement ongoing security posture assessments.
3. Security Operations
— Oversee daily operations of security tools (SIEM, IDS/IPS, EDR, IAM).
— Ensure continuous monitoring, detection, and response to threats.
— Lead vulnerability management and penetration testing efforts.
— Ensure secure design and maintenance of infrastructure, systems, and applications.
4. Incident Response & Business Continuity
— Develop, implement, and test incident response and disaster recovery plans.
— Lead response to cybersecurity incidents and data breaches.
— Conduct post-incident investigations, forensics, and corrective actions.
— Align cybersecurity with business continuity and operational resilience requirements.
5. Compliance & Governance
— Ensure compliance with regulatory and industry standards (CASP/FMA, DORA, ISO 27001, GDPR, NIST, PCI-DSS).
— Oversee data protection and privacy processes in collaboration with Legal and DPO.
— Prepare for internal and external security audits; maintain evidence and documentation.
— Participate in compliance monitoring and regulatory reporting.
6. Security Awareness & Culture
— Promote a strong security culture across the organization.
— Implement ongoing cybersecurity awareness and training programs.
— Partner with HR and Communications to drive secure behavior and accountability.
7. Vendor & Stakeholder Management
— Manage relationships with security vendors, partners, and auditors.
— Collaborate with IT, Legal, Risk, Operations, and Product teams.
— Evaluate and recommend cybersecurity solutions and technologies.
8. Reporting & Metrics
— Develop and report key cybersecurity KPIs/KRIs to senior management and the board.
— Present complex security topics in clear business language.
— Continuously assess and improve overall security program effectiveness.
9. Emerging Threats & Innovation
— Monitor cybersecurity trends, intelligence, and regulatory developments.
— Drive innovation in tooling, automation, and processes.
— Integrate security into cloud, digital transformation, and emerging technologies.