Bitpanda GmbH

Director, Information Security

Job

  • Level
    Lead
  • Job Field
    IT, DevOps, Security
  • Employment Type
    Full Time
  • Contract Type
    Permanent employment
  • Location
    Vienna
  • Working Model
    Hybrid, Onsite
  • Job Summary

    In this role, you will be responsible for developing and implementing a comprehensive information security strategy, leading a team, and ensuring continuous audit readiness in a regulated environment.

    Your role in the team

    • As Director, Information Security, your mission will be to ensure the protection, integrity, and confidentiality of our organisation's information assets.
    • You will manage and grow our GRC function in a regulated fintech environment.
    • You will lead a small team (e.g., Associates to Senior Specialists), own the GRC operating rhythm (risk, controls, audits, third-party oversight), and ensure we stay continuously audit-ready while scaling responsibly.
    • This is a hands-on leadership role: you will set direction, coach and develop the team, and partner with senior stakeholders across Technical Operations, Engineering, IT, Compliance, Risk, Legal, and Procurement to drive effective, proportionate security governance.
    • Define and maintain the multi-year information security strategy and roadmap aligned with business objectives, risk appetite, and regulatory requirements.
    • Establish security governance: decision forums, risk acceptance thresholds, exception processes, and clear accountability across the organization.
    • Ensure effective enterprise security risk management, including identification of material risks, treatment plans, and board-level reporting.
    • Lead, scale and oversee security capabilities across domains (GRC/ISMS, Security Operations, AppSec, Cloud/Infrastructure Security, IAM, Security Architecture).
    • Ensure security is embedded into product and engineering delivery (secure SDLC, threat modeling, security-by-design guardrails).
    • Define security standards, controls, and minimum baselines; drive consistent implementation across entities, regions, and critical systems.
    • Oversee external and internal assurance programs (e.g., ISO 27001, SOC 2, PCI DSS, partner assurance) and ensure continuous audit readiness.
    • Lead/coordinate security-facing regulatory engagement: examinations, requests for information, remediation commitments, and follow-ups.
    • Ensure security requirements are integrated with broader compliance obligations and operational resilience expectations.
    • Set third-party security strategy for critical suppliers (due diligence, ongoing monitoring, contractual security requirements, and exit/continuity considerations).
    • Ensure oversight of outsourcing/critical ICT providers consistent with regulatory expectations and business criticality.
    • Act as an advisor at all levels: communicate security risk in business terms and drive alignment on tradeoffs.
    • Partner with Engineering, Product, IT, Compliance, Risk, Legal, Procurement, and Internal Audit to deliver outcomes.
    • Champion security awareness and accountability across the company.

    Our expectations of you

    Qualifications

    • Demonstrated success in building and scaling security programs in regulated environments (fintech/financial services preferred).
    • Strong grasp of security governance and risk management, plus practical understanding of modern cloud/security architecture and engineering practices.
    • Excellent executive and technical communication: able to brief board/executive audiences and represent the company externally, as well as being able to discuss technical requirements and implementations with the First Line of Defence (1LoD).

    Experience

    • Typically 10-15+ years in information security, including leadership of multiple security domains and senior stakeholder management.
    • Experience in implementing ICT-related regulatory frameworks (e.g., DORA, BaFin).
    • Proven experience with incident leadership and crisis management.
    • Extensive experience with assurance and frameworks (e.g., ISO 27001, SOC 2, NIST), including translating requirements into operating programs.

    What we offer

    • Flexibility to work where you thrive - Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
    • Receive a competitive total compensation package aligned with Bitpanda's pay-for-impact policy, including participation in our stock option plan.
    • Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
    • Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
    • Grow your skills and stay ahead in your career with unlimited access to Udemy's library of online courses at your own pace.
    • Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
    • Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
    • Set up your home office exactly the way you want it, with a fixed budget for comfort and productivity.
    • Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
    • Celebrate milestones and achievements with recognition and rewards for your tenure at Bitpanda.
    • Access exclusive Bitpanda-branded merchandise and gear to represent.
    • Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration.

    Benefits

    • Health, Fitness & Fun
    • Food & Drink
    • Work-Life-Integration
    • More net

    Job Locations

    • Location Vienna

      Austria

    This is your employer

    Bitpanda GmbH

    Wien

    At Bitpanda, we strongly believe in the innovative power of cryptocurrencies, digital assets and blockchain technology. Our mission is to remove barriers to personal finance and bring traditional financial products into the 21st century. With 1.2 million users and more than 270 team members from over 44 different countries, Bitpanda is leading the way in inclusive finance.

    Description

  • Company Size
    250+ Employees
  • Founding year
    2014
  • Language
    English
  • Company Type
    Startup
  • Working Model
    Full Remote, Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance, Internet, IT, Telecommunication
  • Dev Reviews

    by devworkplaces.com

    Total

    (1 Review)
    3.2
    • Career Growth

      3.2
    • Culture

      3.7
    • Working Conditions

      3.6
    • Engineering

      2.6
    Diversity
    Open for all genders
    English Only
    English only required
