Ageras

Head of Information Security

Ageras WorkFromHome

Job description:

Overview

At Ageras, we are redefining how entrepreneurs, freelancers, self-employed professionals, and SMEs manage their banking and administrative tasks. Through seamless tools and innovative banking solutions, we help them focus on what matters most: growing their businesses.

Our vision is to become the best friend of every small entrepreneur across Europe. Over the years, Ageras has grown through the merging of top European FinTechs like Shine, Kontist, Tellow, and more. Today, we’re a team of nearly 500 people, including 150 talented engineers, working together from Paris, Amsterdam, Copenhagen, and Berlin.

The Risk & Compliance team at Ageras is security-focused. We work closely with Engineering, IT, Product, Data and Legal to keep our environment resilient, audit-ready and pragmatic. We aim for “secure by design” without slowing the business.

Your Role

As Head of Information Security, you will lead our information security function end-to-end: own our ISMS and risk governance, land regulatory outcomes (notably DORA and ISO 27001), embed security into the SDLC, and strengthen incident readiness. You’ll enable teams to make good security decisions, communicate clearly with executives and partners, and turn complexity into tangible next steps.

Your responsibilities will include:

  • Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.
  • Drive regulatory readiness for DORA and ISO 27001 (gap overview, artefacts, timelines, immovable dates incl. the annual report for payment institutions).
  • Lead incident preparedness and response: playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.
  • Embed secure-by-design in the SDLC: lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.
  • Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.
  • Influence & enable: build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.
  • Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.
  • Communicate clearly to executives, partners and (as needed) supervisors.
  • Lead and mentor a team (2 security engineers), prioritizing the team's workload, ensuring alignment with the company's security goals and overseeing their professional development.

First months

  • Establish a clear baseline of our security posture by reviewing governance, technology and team practices, and refresh the risk register with practical KRIs.
  • Create regular working cadences with leaders in Engineering, IT, Product, Data and Legal so that decisions and trade-offs move quickly.
  • Publish a prioritised twelve to eighteen month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness.
  • Schedule and run an incident tabletop, clarify on-call roles and escalation paths, and capture lessons and owner actions.
  • Prioritise vendor risk across critical providers and make the audit artefact backlog visible with owners and due dates.
  • Align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.

Job located in Berlin or Paris, with possibility of two remote working days per week.

About you

  • Senior leadership experience in product-centric, cloud-heavy environments (scale-up pace or similar).
  • Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO 27001).
  • Proven record of embedding secure SDLC with Engineering and Product.
  • Confident incident leader; calm under pressure; learns fast.
  • Clear, concise communicator; able to influence from code review to boardroom.
  • Fluent English; French or German is a plus.

Nice to have

  • Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches.
  • Exposure to supervisors (e.g., ACPR, BaFin, FCA) or regulated audits.
  • Consulting/fractional CISO background; impact with small teams.

Our recruitment process

  • An initial interview (45') with Daniel (Team Lead Talent Acquisition).
  • A video interview (45') with Maud (VP Risk & Compliance).
  • A Case study interview + Key Stakeholder round.
  • A culture & leadership interview round including a personality and logic test.

What’s In It For You?

  • Compensation: Competitive salary depending on experience and location.
  • Remote Work Culture: Work from our Berlin or Paris office, with possibility of remote working days.
  • Scale-Up Impact: Join a high-growth environment with ~500 passionate people across Europe and multiple acquisitions; your work has direct, measurable impact.
  • Modern stack & tools: Cloud-first product, CI/CD, security tooling (e.g., SAST/DAST, dependency scanning), and ISMS/GRC practices.

Equal Opportunity Employer

We follow the principle of equal treatment to consider all job applicants and do not discriminate based on gender, sexual orientation, color, racial or ethnic origin, religion, disability, etc. as per applicable law.

Seniority level

Executive

Employment type

Full-time

Job function

Information Technology

Job information

  • Type: Full-time
  • Work model: On-site
  • Category: Development & IT
  • Experience: 2+ years
  • Employment relationship: Employee
  • Publication date: 24 Oct 2025
  • Location: WorkFromHome
