Director, Information Security

Director, Information Security

Who we are

We simplify wealth creation. Founded in 2014 in Vienna, Austria by Eric Demuth, Paul Klanschek and Christian Trummer, we're here to help people trust themselves enough to build their financial freedom -- for now and the future. Our user-friendly, trade-everything platform empowers both first-time investors and seasoned experts to invest in the cryptocurrencies, crypto indices, stocks*, precious metals and commodities* they want -- with any sized budget, 24/7. Our global team works across different cultures and time zones, bringing our products to more than 6 million customers, making us one of Europe's safest and most secure platforms that powers modern investing.

Headquartered in Austria but operating across Europe, our products are built by fast-moving, talented, "roll-up-your-sleeves-and-make-it-happen" kind of people. It's these diverse perspectives and innovative minds operating as ONE TEAM that keep Bitpanda at the cutting edge of our industry. So if you're someone who thinks big, moves fast and wants to make an impact right from day one, then get ready to join our industry-changing team. Let's go!

Your mission

As a Director, Information Security your mission will be to ensure the protection, integrity, and confidentiality of our organisation's information assets. You will manage and grow our GRC function in a regulated fintech environment. You'll lead a small team (e.g., Associates to Senior Specialists), own the GRC operating rhythm (risk, controls, audits, third-party oversight), and ensure we stay continuously audit-ready while scaling responsibly.

This is a hands-on leadership role: you will set direction, coach and develop the team, and partner with senior stakeholders across Technical Operations, Engineering, IT, Compliance, Risk, Legal, and Procurement to drive effective, proportionate security governance.

What You'll Do

• Strategy, governance & risk accountability: Define and maintain the multi-year information security strategy and roadmap aligned with business objectives, risk appetite, and regulatory requirements. Establish security governance: decision forums, risk acceptance thresholds, exception processes, and clear accountability across the organization. Ensure effective enterprise security risk management, including identification of material risks, treatment plans, and board-level reporting.
• Security program leadership (end-to-end): Lead, scale and oversee security capabilities across domains (GRC/ISMS, Security Operations, AppSec, Cloud/Infrastructure Security, IAM, Security Architecture). Ensure security is embedded into product and engineering delivery (secure SDLC, threat modeling, security-by-design guardrails). Define security standards, controls and minimum baselines; drive consistent implementation across entities, regions, and critical systems.
• Compliance, audits & regulatory engagement: Oversee external and internal assurance programs (e.g., ISO 27001, SOC 2, PCI DSS, partner assurance) and ensure continuous audit readiness. Lead/coordinate security-facing regulatory engagement: examinations, requests for information, remediation commitments, and follow-ups. Ensure security requirements are integrated with broader compliance obligations and operational resilience expectations.
• Third-party & supply chain security: Set third-party security strategy for critical suppliers (due diligence, ongoing monitoring, contractual security requirements, and exit/continuity considerations). Ensure oversight of outsourcing/critical ICT providers consistent with regulatory expectations and business criticality.
• Stakeholder management & security culture: Act as an advisor at all levels: communicate security risk in business terms and drive alignment on tradeoffs. Partner with Engineering, Product, IT, Compliance, Risk, Legal, Procurement, and Internal Audit to deliver outcomes. Champion security awareness and accountability across the company.

Who You Are

• Typically 10-15+ years in information security, including leadership of multiple security domains and senior stakeholder management.
• Demonstrated success building and scaling security programs in regulated environments (fintech/financial services preferred).
• Experience in implementing ICT related regulatory frameworks (e.g. DORA, BaFin)
• Strong grasp of security governance and risk management, plus practical understanding of modern cloud/security architecture and engineering practices.
• Proven experience with incident leadership and crisis management.
• Extensive experience with assurance and frameworks (e.g., ISO 27001, SOC 2, NIST), including translating requirements into operating programs.
• Excellent executive and technical communication: able to brief board/executive audiences and represent the company externally, as well as being able to discuss technical requirements and implementations with the First Line of Defence (1LoD).

Leadership profile

• You balance pragmatism and rigor: protect the company while enabling growth and product velocity.
• You are decisive and transparent about risks, and you drive accountability to closure.
• You can operate at board level while still understanding technical realities and delivery constraints.
• You build high-trust partnerships across the business and influence without relying on "security says no."
• You lead calmly under pressure and set a culture of ownership, learning, and continuous improvement.

What's in it for you

• Flexibility to work where you thrive - Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
• Reward for your impact - Receive a competitive total compensation package aligned with Bitpanda's pay-for-impact policy, including participation in our stock option plan.
• Support for your mental wellbeing - Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
• Time to recharge - Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
• Continuous learning and growth - Grow your skills and stay ahead in your career with unlimited access to Udemy's library of online courses at your own pace.
• Exclusive perks and rewards - Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
• Support during life milestones - Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
• Create a productive workspace at home - Set up your home office exactly how you want it with a dedicated budget for comfort and productivity.
• Fuel and focus on-site - Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
• Recognition for your contributions - Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.
• Show your Bitpanda pride - Access exclusive Bitpanda-branded merchandise and gear to represent.
• Connect and celebrate with your team - Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration

.…and even more location-specific benefits designed to make life at Bitpanda even more rewarding wherever you are.

Above all, you will have the opportunity to learn and grow as part of Bitpanda's incredible journey towards being Europe's future #1 investment platform.

Bitpanda is committed to fostering a fair and equal environment based on trust and mutual respect. We believe that a diverse and inclusive workplace is paramount to our success and we are committed to building a team that represents a wide variety of backgrounds, perspectives, and skills.

* These benefits may be adjusted at Bitpanda's discretion and do not apply to our internships and exceptions to our Hybrid Working policy apply to teams with shift schedules or for folks whose roles require them to be in-office (think: Workplaces team or IT).

Apply