Chief Information Security Officer (CISO)

Evotym
Barcelona, Spain
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Barcelona, Spain

Tech stack

API
Software System Penetration Testing
Computer Security
DevOps
Identity and Access Management
PCI Data Security Standards
Systems Development Life Cycle
Security Information and Event Management
Devsecops

Job description

As Chief Information Security Officer (CISO), you will define, build, and lead the company's information security program end-to-end. The role is critical for protecting the payment platform, infrastructure, applications, and data while ensuring full compliance with regulatory requirements. You will work closely with technology, product, and operations teams and act as a key point of contact for regulators and auditors., * Define and execute the company-wide information security strategy and roadmap.

  • Build and maintain a compliance framework aligned with FCA, PCI DSS, GDPR/PSD2 requirements.
  • Identify, assess, and manage security risks, including threat modeling and incident response.
  • Lead internal audits, penetration testing, and regular security assessments.
  • Oversee implementation and monitoring of IAM, SIEM, DLP, encryption, and API security solutions.
  • Ensure security of cloud and server infrastructure, networks, and applications through DevSecOps practices.
  • Develop and maintain security policies, standards, and incident response playbooks.
  • Collaborate with product, engineering, and DevOps teams to embed security into SDLC and releases.
  • Drive security awareness and training across the organization.
  • Communicate with regulators, auditors, and external partners on security and compliance topics.
  • The role involves communication with international clients and external stakeholders.

Requirements

Do you have experience in SoC?, * 7+ years of experience in information security, ideally within fintech, EMI, PSP, or payment processing.

  • Strong knowledge of FCA cybersecurity requirements, PCI DSS, GDPR, and PSD2.
  • Proven experience building and operating an organization-wide security program.
  • Hands-on experience with incident response, threat investigation, and SOC/SecOps processes.
  • Solid understanding of cloud and on-prem architectures, security tooling, and DevSecOps practices.

Key Soft Skills

  • Strong ownership and accountability mindset.
  • Clear, confident communication with technical and non-technical stakeholders.
  • Structured, risk-based thinking and decision-making.
  • Ability to operate calmly in high-pressure and incident scenarios.
  • Proactive, improvement-driven approach to security leadership.

Benefits & conditions

  • Strategic leadership role with direct impact on business trust and resilience.
  • Opportunity to shape security at scale in a regulated fintech environment.
  • Close collaboration with senior leadership and key stakeholders.
  • Competitive compensation aligned with senior-level responsibility.
  • Flexible, international working environment.

Apply for this position