Head of Information Security

About the role and team

We are looking for a Head of Information Security to lead and manage our cybersecurity function.

As the leader of the team, you’ll be responsible for driving our efforts toward ensuring that our customers and employees stay safe: you will do so leveraging automation, being an advisor and evangelizing best security practices. As a manager you will use your experience and technical acumen to lead the security function, coaching and mentoring your security engineers.

To convey a sense of scale, here are a few numbers:

• Around 120 people are in the engineering function
• 12 cross-functional agile teams, grouped into 4 teams of teams
• Around 40 microservices [ruby on rails, golang]
• Around 10 million unique users per month
• Up to 15-20k HTTP requests per second served

And plenty of bots and bad actors that are trying to breach our perimeter, steal our customers' financial information and commit fraud.

What you’ll do

• You are responsible for the entire security team's project success and overall protection of user data and intellectual property.
• You’ll maintain security policy compliance, spearhead security projects, and manage technical staff.
• Develop and implement a comprehensive information security strategy aligned with objectives and regulatory requirements.
• Conduct risk assessments to identify vulnerabilities and potential threats in the organization's systems and processes.
• Directly oversee security systems and infrastructure monitoring, promptly identifying and responding to security incidents.
• Assess and oversee the security aspects of third-party vendors and service providers.
• Liaise with Product Development, Platform, Legal and Data Protection to advise on best practices and influence their roadmap

All in a work environment where people from all backgrounds can thrive and grow. Your impact will help millions of people buy and sell the objects of their dreams.

Who you are

• 2+ years of experience as a manager
• 8+ years of experience in the security domain
• Deep understanding of technical security controls requirements and emerging security trends.
• Experience of implementing security detection and response controls within one the major cloud providers (AWS, GCP, Azure)
• Ability to translate technical security issues to a large audience and gather their support.
• Experience with corporate security controls on MacOS.
• Excellent communication skills in English, including communicating well across different functions and different levels in an organization.

Bonus if you

• Experience in scale-ups and ability to cope with ambiguity and changing business requirements
• Hands-on experience implementing security controls (i.e. bot detection, WAF) for an environment deployed on GCP, using a major vendor such as Akamai, Cloudflare and similar
• Experience with security regulations such as ISO27001, NIST, or CIS Controls

Where you’ll be

This role is based in our Amsterdam office, the Netherlands and reports to our VP Engineering