Job
- Level: Senior
- Job Field: IT, Security, Test/QA
- Employment Type: Full Time
- Contract Type: Permanent employment
- Location: Vienna
- Working Model: Hybrid, Onsite
Job Summary
In this role, you will lead security governance in a regulated fintech environment, owning GRC domains and developing risk management strategies for critical vendors.
Your role in the team
- As an Information Security Senior Specialist, you will lead and scale major elements of our security governance in a regulated fintech environment.
- You will own complex, cross-functional GRC domains (e.g., ISMS/ISO 27001 at scale, regulatory readiness, enterprise technology risk, third-party risk for critical vendors, compliance in key partnerships), drive measurable improvement in control effectiveness, and act as a trusted advisor to senior stakeholders.
- Own and evolve one or more GRC domains end-to-end (e.g., ISMS operations, BCM, risk governance), including strategy, annual plan, cadences, and success metrics.
- Drive control rationalization and proportionality: tighten controls for critical/regulated assets and streamline low-risk areas to ensure an efficient, risk-aligned posture.
- Facilitate and challenge high-impact risk assessments (new products, major architectural changes, critical vendors), ensuring consistency and defensible rationale.
- Drive risk treatment at scale: align owners, negotiate timelines, track commitments, and escalate where residual risk remains above appetite.
- Lead complex audits and assessments end-to-end (multi-entity, regulator-facing), including readiness, walkthroughs, and remediation.
- Design and run a risk-based control testing program to identify weaknesses and drive durable remediation (process fixes, automation, tooling) while translating regulatory requirements into structured internal work programs.
- Set due diligence depth and ongoing monitoring requirements for critical suppliers (e.g., cloud, payments, identity, SaaS); partner with Procurement/Legal on security contract requirements to ensure enforceable obligations and measurable oversight across the supply chain.
- Mentor Specialists, Associates, and Senior Associates; set quality standards for documentation, evidence, and stakeholder engagement.
- Act as a "GRC translator" for engineering and operations teams, helping them implement requirements efficiently and consistently across the organization.
Our expectations of you
Qualifications
- Proven track record leading audits/assessments and driving remediation across multiple teams and systems.
- Strong practical knowledge of ISO 27001 and DORA (and/or SOC 2 / PCI DSS / NIST), with the ability to design controls, define evidence, and test effectiveness.
- Strong understanding of technology risk across cloud, IAM, SDLC governance, incident management, vulnerability management, logging/monitoring, and third-party risk.
- Excellent written and verbal communication; able to produce executive-ready materials and auditor-facing narratives.
Experience
- Typically 6-10 years of experience in information security GRC, audit/assurance, risk management, compliance, or adjacent security roles.
What we offer
- Flexibility to work where you thrive - Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
- Receive a competitive total compensation package aligned with Bitpanda's pay-for-impact policy, including participation in our stock option plan.
- Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
- Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
- Grow your skills and stay ahead in your career with unlimited access to Udemy's library of online courses at your own pace.
- Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
- Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
- Set up your home office exactly the way you want it, with a fixed budget for comfort and productivity.
- Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
- Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.
- Access exclusive Bitpanda-branded merchandise and gear to represent.
- Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration.
Benefits
Health, Fitness & Fun
Food & Drink
Work-Life-Integration
More net
This is your employer
Bitpanda GmbH
Wien
At Bitpanda, we strongly believe in the innovative power of cryptocurrencies, digital assets and blockchain technology. Our mission is to remove barriers to personal finance and bring traditional financial products into the 21st century. With 1.2 million users and more than 270 team members from over 44 different countries, Bitpanda is leading the way in inclusive finance.
Description
- Company Size: 250+ Employees
- Founding year: 2014
- Language: English
- Company Type: Startup
- Working Model: Full Remote, Hybrid, Onsite
- Industry: Banking, Finance, Insurance, Internet, IT, Telecommunication