Head Of Information Security H/F Alma

Your mission

You will lead Alma's Information Security and IT teams (6 FTEs supervised) and report to the General Secretary. You'll define the strategy, steer execution, and foster a culture of security-by-design across the company, partnering closely with executives and crossfunctional leaders.

What you'll do Proposal

Manage

- Lead a 6person team across IT and Security; set objectives, coach, and develop talent;
- Structure and prioritize work across roadmap, ensuring delivery and accountability;
- Define the budgetary needs to carry out the defined missions.

Governance, Compliance, and Risk management

- Ensure the company's cyber steering and governance;
- Identify cybersecurity issues and risks;
- Define and maintain security policies, procedures, and guidelines. Ensure their implementation;
- Manage relationships/interfaces with security stakeholders in banking regulation;
- Build and run the information security program, ensuring alignment with key regulations and industry frameworks:
- PSD2, DORA, EBA Guidelines, GDPR.
- SOC 2, ISO 27001, PCI-DSS, and related standards.

Support the Business

- Provide support for crossfunctional projects, RFI/RFPs;
- Act as an advisor, providing assistance, information, training, and alerts to various functions/departments (HR, Procurement, Engineering, Sales...).

Protect

- Define the organizational and technical measures to be implemented to achieve the defined security objectives. Monitor and measure their implementation;
- Promote a cyber culture for users and management;
- Provide support during assessments and audits carried out by internal and external stakeholders.

Detect and Respond

- Lead threat detection activities across the different information systems;
- Lead security incident response;
- Ensure that the security crisis management framework is operational.

Ensure Business Continuity/Recovery

- Evolve the Business Continuity Plan (BCP) and Disaster Recovery Plans (DRP);
- Define and supervise DRP tests;
- Ensure a cyberresilience strategy.

Awareness and Training

- Develop and maintain a strong security awareness program with measurable impact;
- Run regular internal (and when relevant, external) sessions to test and improve adherence to security policies and procedures.

What we're looking for

- Proven experience leading Information Security programs in a highgrowth, product/techdriven environment - ideally in the banking & payment sector
- Experience managing combined IT & Security scopes is a plus;
- Team leadership: coaching, hiring, and developing talent; fostering a culture of security-by-design and continuous improvement;
- Excellent stakeholder management and communication skills; comfortable advising executives and collaborating across Engineering, Product, Data, Legal, and People;
- Strong knowledge of SOC2, ISO27001; handson track record implementing controls and passing audits;
- Strong knowledge of cloud and systems architectures, databases, and applications.
- Knowledge of security tools and technologies (XDR, EDR, Security Operation center management, vulnerability management, phishing platform, etc.)
- Demonstrated capability in risk management, incident response, and threatinformed decisionmaking;
- Practical experience with vulnerability management, BCP/DRP;
- Fluency in English;

Hiring process

- Intro call with Talent
- Conversation with Hiring Manager (General Secretary)
- Business Case (with the Infosec team)
- Crossfunctional interviews (Legal, Internal Control, Compliance)
- Final conversation with our co-founder