Bitpanda GmbH

Senior Information Security Specialist

Job

  • Level
    Senior
  • Job field
    IT, Security, Test/QA
  • Employment
    Full-time
  • Contract type
    Permanent employment
  • Location
    Vienna
  • Working model
    Hybrid, Onsite
  • Job summary

    In this position, you lead security governance in a regulated fintech environment, take ownership of GRC domains, and develop risk management strategies for critical vendors.

    Your role in the team

    • As an Information Security Senior Specialist, you will lead and scale major elements of our security governance in a regulated fintech environment.
    • You'll own complex, cross-functional GRC domains (e.g., ISMS/ISO 27001 at scale, regulatory readiness, enterprise technology risk, third-party risk for critical vendors, compliance in key partnerships), drive measurable improvement in control effectiveness, and act as a trusted advisor to senior stakeholders.
    • Own and evolve one or more GRC domains end-to-end (e.g., ISMS operations, BCM, risk governance), including strategy, annual plan, cadences, and success metrics.
    • Drive control rationalization and proportionality: tighten controls for critical/regulated assets and streamline low-risk areas to ensure an efficient, risk-aligned posture.
    • Facilitate and challenge high-impact risk assessments (new products, major architectural changes, critical vendors), ensuring consistency and defensible rationale.
    • Drive risk treatment at scale: align owners, negotiate timelines, track commitments, and escalate where residual risk remains above appetite.
    • Lead complex audits and assessments end-to-end (multi-entity, regulator-facing), including readiness, walkthroughs, and remediation.
    • Design and run a risk-based control testing program to identify weaknesses and drive durable remediation (process fixes, automation, tooling) while translating regulatory requirements into structured internal work programs.
    • Set due diligence depth and ongoing monitoring requirements for critical suppliers (e.g., cloud, payments, identity, SaaS); partner with Procurement/Legal on security contract requirements to ensure enforceable obligations and measurable oversight across the supply chain.
    • Mentor Specialists, Associates, and Senior Associates; set quality standards for documentation, evidence, and stakeholder engagement.
    • Act as a "GRC translator" for engineering and operations teams, helping them implement requirements efficiently and consistently across the organization.

    What we expect from you

    Qualifications

    • Proven track record leading audits/assessments and driving remediation across multiple teams and systems.
    • Strong working knowledge of ISO 27001 and DORA (and/or SOC 2 / PCI DSS / NIST) with ability to design controls, define evidence, and test effectiveness.
    • Strong understanding of technology risk across cloud, IAM, SDLC governance, incident management, vulnerability management, logging/monitoring, and third-party risk.
    • Excellent written and verbal communication; able to produce executive-ready materials and auditor-facing narratives.

    Experience

    • Typically 6-10 years of experience in information security GRC, audit/assurance, risk management, compliance, or adjacent security roles.

    What we offer

    • Flexibility to work where you thrive - Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
    • Receive a competitive total compensation package aligned with Bitpanda's pay-for-impact policy, including participation in our stock option plan.
    • Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
    • Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
    • Grow your skills and stay ahead in your career with unlimited access to Udemy's library of online courses at your own pace.
    • Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
    • Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
    • Set up your home office exactly how you want it with a dedicated budget for comfort and productivity.
    • Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
    • Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.
    • Access exclusive Bitpanda-branded merchandise and gear to represent.
    • Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration.

    Benefits

    Health, Fitness & Fun

    Food & Drink

    Work-Life Integration

    More Net Pay

    Job locations

    • Location: Vienna

      Austria

    This is your employer

    Bitpanda GmbH

    Vienna

    At Bitpanda, we believe in the innovative power of cryptocurrencies, digital assets and blockchain technology. Our mission is to break down the barriers to accessing financial resources and to bring conventional financial products into the 21st century. Through our unique approach, we have already gained 1.2 million users, and our team consists of more than 270 experts from 44 different countries.

  • Company size
    250+ Employees
  • Year founded
    2014
  • Languages
    English
  • Company type
    Startup
  • Working model
    Full Remote, Hybrid, Onsite
  • Industry
    Banking, Finance, Insurance, Internet, IT, Telecom
  • Diversity
    Suitable for all persons (m/f/d)
  • English only
    Only English required