
InfoSec & Cybersecurity Lead

Light


IT
London, ON, Canada · Remote
Posted on Sep 24, 2025

About Light

Light is a Smart Financial Platform (an SFP; not ERP - read our manifesto) set to make it easy, efficient, and transparent for multinational tech companies to manage their finances.

Come join one of Europe's strongest FinTech teams with people from Pleo, Juni, Google, X, AWS, Spotify, Klarna, etc. who are building a new category.


*Visa sponsorship is NOT available at this time*

About the InfoSec & Cybersecurity Lead role

As InfoSec & Cybersecurity Lead, you will own the strategy, architecture, operations, and governance of security across Light’s platform, infrastructure, and internal systems. You will be a core voice in risk decisions, compliance, incident response, and security awareness across the team. In this high-growth environment you’ll balance strategic thinking with hands-on execution.

You will:

  • Define and evolve the security roadmap aligned with product, growth, and operations priorities

  • Establish and enforce security policies, standards, and controls

  • Lead threat modelling, vulnerability management, penetration testing, secure code review, and red teaming

  • Oversee identity & access management, data encryption, key management, and secrets management

  • Manage incident detection, response, forensics, and postmortem / root cause analysis

  • Lead risk assessments (3rd parties, vendor, cloud, supply chain)

  • Embed secure development practices (DevSecOps) and support engineering in secure architecture

  • Guide compliance (e.g. SOC 2, ISO 27001, PCI DSS, GDPR / data privacy depending on roadmap)

  • Provide security training, awareness, and conduct regular security reviews

  • Partner cross-functionally with product, engineering, operations, legal, audit, and leadership

Key Responsibilities

| Area | Responsibilities |
| --- | --- |
| Strategy & Governance | Develop the security strategy, maturity roadmap, and metrics. Report to execs & board-level stakeholders. |
| Risk & Compliance | Lead security-related compliance programs, audits, and assessments; manage third-party risk. |
| Secure Architecture & Engineering | Review designs, threat model new features, secure system integrations, integrate security into CI/CD. |
| Operations & Resilience | Oversee security tooling (SIEM, EDR, IDS/IPS, WAF, etc.), monitor, detect, and respond to security events. |
| Incident Response & Continuity | Establish IR plans, run incident simulations, lead real incident triage, learning, and remediation. |
| People & Culture | Advocate security mindset, train teams, define role-based access controls, nurture a security-first culture. |
| Vendor & Cloud Security | Evaluate and oversee vendor security, cloud infrastructure security, access, permissions, network segmentation. |

…and how you fit into the team:

You combine deep technical knowledge with strategic judgment.

You know how to balance real-world risks with business speed.

You’re hands-on when needed, but also capable of driving policy, awareness, and long-term maturity.

You’ve led security in high-growth environments — and you’re ready to do it again, with impact.

Your qualifications could be:

  • 7+ years’ experience in information security / cybersecurity roles, preferably in fintech, SaaS or payments

  • Proven experience owning security in a fast-moving, high-growth environment

  • Deep technical expertise: cloud (AWS, GCP, Azure), network, application security, identity & access, encryption, threat modelling

  • Hands-on in vulnerability management, penetration test oversight, secure code review, incident response

  • Familiarity with compliance on financial systems: SOC 2, ISO 27001, PCI, GDPR, etc.

  • Excellent risk judgment and ability to balance security vs business velocity

  • Strong communication skills — able to influence non-technical stakeholders and train engineers

  • Experience leading or scaling a small security team or managing security partnerships

Bonus points:

  • Prior experience in fintech / financial software / payments

  • Certifications such as CISSP, CISM, OSCP, CRISC, or equivalent

  • Experience with specific regulatory standards (e.g. PCI, PSD2, ISO 27001)

  • Experience in embedding DevSecOps practices / platform security

Success Criteria

  • Reduction in high/critical vulnerabilities over time

  • Mean Time To Detect + Respond (MTTD/MTTR) for security incidents

  • Percentage of code / features that pass security review or threat modelling

  • Vendor risk coverage and audits completed

  • Compliance audit results (SOC 2, etc.)

  • Number of training sessions delivered / security awareness scores

  • Low incidence of security incidents affecting customers / production


Here’s what to expect in our hiring process…

  1. Intro chat with CTO or Head of Operations (45 min)

  2. Interview with Engineering + Product

  3. Take home challenge

  4. Interview with two colleagues discussing the take home challenge

  5. Culture-fit & leadership interview

  6. Offer


… so a few tips to stand out would be:

  • Show how you’ve balanced speed and security in a high-growth environment

  • Demonstrate how you’ve influenced culture — not just control

  • Share how you’ve measured and communicated risk, coverage, and progress

  • Walk us through your past playbooks or roadmaps — and how they evolved

  • Bonus if you can articulate the “why” behind the trade-offs you’ve made

While this is the good stuff...

In addition to being part of a great team and working in a really fun and innovative environment, we offer:

💸 Competitive salary + stock options in our fast-growing startup
🍼 Paid parental leave
🏝 25 days of annual leave + public holidays (in your country)
🥳 Regular socials and company off-sites.
🚀 A huge opportunity to shape a market-defining product and engineering culture


…these are the famous last words:

At Light, we’re building the most trusted financial platform in the world — and trust starts with security. As our InfoSec & Cybersecurity Lead, you’ll help us earn that trust every day.

If you want to lead security at a company where speed and safety go hand in hand, we’d love to hear from you at careers@light.inc

🚀 Join the rocket ship while it’s taking off 🚀