Job
- Level: Senior
- Job Field: IT, System, Security
- Employment Type: Full Time
- Contract Type: Permanent employment
- Location: Vienna
- Working Model: Hybrid, Onsite
Job Summary
In this role, you will drive GRC processes, conduct risk assessments, and optimize audits while implementing and maintaining security policies and controls.
Your role in the team
- As an Information Security Senior Associate, you will drive key parts of our governance, risk, and compliance (GRC) program in a regulated fintech environment.
- You will be responsible for managing recurring GRC processes end-to-end (such as evidence cycles, control testing, risk workflows), collaborating with control owners across the organization, and helping us stay continuously audit-ready.
- Ownership of Governance & Control Framework: Own and maintain parts of the ISMS; ensure policies and standards are implemented in a measurable way; support security-by-design governance for new initiatives.
- Assurance & audit execution: Plan and run audit readiness activities (ISO 27001/SOC 2/internal audit/regulatory requests): timelines, evidence plans, stakeholder coordination; review evidence for quality (period coverage, completeness, traceability), challenge gaps, and drive remediation with control owners; draft clear, consistent responses to auditors and internal stakeholders; maintain an action plan and verify closure.
- Risk management: Facilitate risk assessments for systems/projects/vendors with appropriate depth; document outcomes and treatment plans; maintain the risk register quality; identify systemic themes (repeat findings, control weakness patterns) and propose improvements to reduce residual risk.
- Third-party risk & compliance enablement: Lead parts of third-party risk management: due diligence reviews, tracking remediation commitments, and supporting security contractual requirements; Partner with Procurement/Legal/Business owners to ensure proportionate security requirements for vendors (especially critical service providers).
- Control testing & continuous improvement: Execute control design/operating effectiveness testing for a defined control set; document results and recommend improvements; produce GRC reporting and metrics for leadership (audit status, overdue actions, risk trends, control health indicators); improve GRC workflows through templates, playbooks, automation, and tooling (where applicable).
Our expectations of you
Qualifications
- You're proactive and ownership-driven: you don't wait to be told what's missing; you spot gaps and fix them.
- You can balance rigor with pragmatism, applying controls proportionate to risk and business criticality.
- You write clearly and persuasively, especially when documenting controls, risks, and audit responses.
- You're comfortable challenging constructively: asking 'show me' and improving evidence and control quality without being obstructive.
- You're collaborative and calm under deadline pressure (audits, regulator requests, and escalations).
What we offer
- Flexibility to work where you thrive - Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
- Receive a competitive total compensation package aligned with Bitpanda's pay-for-impact policy, including participation in our stock option plan.
- Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
- Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
- Grow your skills and stay ahead in your career with unlimited access to Udemy's library of online courses at your own pace.
- Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
- Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
- Set up your home office exactly the way you want it, with a fixed budget for comfort and productivity.
- Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
- Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.
- Access exclusive Bitpanda-branded merchandise and gear to represent.
- Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration.
Benefits
Health, Fitness & Fun
Food & Drink
Work-Life-Integration
More net
Topics that you deal with on the job
Job Locations
This is your employer
Bitpanda GmbH
Wien
At Bitpanda, we strongly believe in the innovative power of cryptocurrencies, digital assets and blockchain technology. Our mission is to remove barriers to personal finance and bring traditional financial products into the 21st century. With 1.2 million users and more than 270 team members from over 44 different countries, Bitpanda is leading the way in inclusive finance.
Description
- Company Size: 250+ Employees
- Founding year: 2014
- Language: English
- Company Type: Startup
- Working Model: Full Remote, Hybrid, Onsite
- Industry: Banking, Finance, Insurance, Internet, IT, Telecommunication