Head Of Information Security

Berlin, BE, DE, Germany

Job Description

At Ageras, we are redefining how entrepreneurs, freelancers, self-employed professionals, and SMEs manage their banking and administrative tasks. Through seamless tools and innovative banking solutions, we help them focus on what matters most: growing their businesses.


Our vision is to become the best friend of every small entrepreneur across Europe.





Over the years, Ageras has grown through the merging of top European FinTechs like Shine, Kontist, Tellow, and more. Today, we’re a team of nearly 500 people, including 150 talented engineers, working together from Paris, Amsterdam, Copenhagen, and Berlin.

The Risk & Compliance team at Ageras
-----------------------------------------


Security is core to our promise to customers and partners. Within Risk & Compliance, we work closely with Engineering, IT, Product, Data and Legal to keep our environment resilient, audit-ready and pragmatic. We aim for “secure by design” without slowing the business.

Your role as a Head of Information Security
-----------------------------------------------

You will lead our information security function end-to-end: own our ISMS and risk governance, land regulatory outcomes (notably DORA and ISO 27001), embed security into the SDLC, and strengthen incident readiness. You’ll enable teams to make good security decisions, communicate clearly with executives and partners, and turn complexity into tangible next steps.

Your responsibilities will include:



Own the ISMS (policies, risk register, KRI) and keep governance practical, measurable and audit-ready.

Drive regulatory readiness for DORA and ISO 27001 (gap overview, artefacts, timelines, immovable dates incl. the annual report for payment institutions).

Lead incident preparedness and response: playbooks/runbooks, tabletop exercises, clear roles/on-call, post-incident learning.

Embed secure-by-design in the SDLC: lightweight security gates (e.g. threat modeling, dependency hygiene, SAST/DAST), developer enablement and metrics.

Own third-party/vendor risk for critical providers in partnership with Procurement, Legal and Risk.

Influence & enable: build trust with Eng/IT/Product/Data/Legal; make security a shared responsibility.

Steer external partners (e.g., ISO support) and plan the hiring of 1 FTE to complete a lean, high-impact team.

Communicate clearly to executives, partners and (as needed) supervisors.

Lead and mentor a team (2 security engineers), prioritizing the team's workload, ensuring alignment with the company's security goals and overseeing their professional development.

Your first months



You establish a clear baseline of our security posture by reviewing governance, technology and team practices, and you refresh the risk register with practical KRIs. You create regular working cadences with leaders in Engineering, IT, Product, Data and Legal so that decisions and trade-offs move quickly. You publish a prioritised twelve-to-eighteen-month security roadmap with concrete Q1 and Q2 outcomes for DORA, ISO 27001 and incident readiness. You schedule and run an incident tabletop, you clarify on-call roles and escalation paths, and you capture lessons and owner actions. You prioritise vendor risk across critical providers and you make the audit artefact backlog visible with owners and due dates. You align the security operating rhythm by preparing inputs for the risk committee, incident reviews and change advisory.

Job located in Berlin or Paris, with possibility of two remote working days per week.

About you
-------------

Senior leadership experience in product-centric, cloud-heavy environments (scale-up pace or similar).

Hands-on security governance & risk and regulatory experience relevant to European payment institutions (DORA, ISO 27001).

Proven record of embedding secure SDLC with Engineering and Product.

Confident incident leader; calm under pressure; learns fast.

Clear, concise communicator; able to influence from code review to boardroom.

Fluent English; French or German is a plus.

Nice to have



Certifications (e.g., CISSP, CISM, CCSP, AWS Security) used as tools, not crutches. Exposure to supervisors (e.g., ACPR, BaFin, FCA) or regulated audits. Consulting/fractional CISO background; impact with small teams.

Our recruitment process
---------------------------

1. An initial interview (45') with Daniel (Team Lead Talent Acquisition)

2. A video interview (45') with Maud (VP Risk & Compliance)

3. A case study interview + key stakeholder round

4. A culture & leadership interview round, including a personality and logic test

What’s In It For You?
-------------------------

Compensation: Competitive salary depending on experience and location.

Remote Work Culture: Work from our Berlin or Paris office, with possibility of remote working days.

Scale-Up Impact: Join a high-growth environment with ~500 passionate people across Europe and multiple acquisitions; your work has direct, measurable impact.

Modern stack & tools: Cloud-first product, CI/CD, security tooling (e.g., SAST/DAST, dependency scanning), and ISMS/GRC practices.

Equal Opportunity Employer




We follow the principle of equal treatment to consider all job applicants and do not discriminate based on their gender, sexual orientation, color, racial or ethnic origin, religion, disability, etc. as per applicable law.


Job Detail

  • Job Id
    JD3675892
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Berlin, BE, DE, Germany
  • Education
    Not mentioned