The Company
Striga is a Y Combinator-backed financial technology company with its place of operations and office in Tallinn, Estonia. Striga was the first entity to secure a Virtual Asset Service Provider’s license from the Estonian Financial Intelligence Unit under the new licensing regime of 2022. It is a payments platform on which businesses can build applications that blend crypto services and traditional financial services, without doing any of the heavy lifting related to regulatory compliance and building compliant software.
We are seeking an experienced Information Security Manager to lead the company's information security function and ensure adherence to applicable legal and regulatory requirements. This role is critical in developing and implementing a comprehensive information security framework within the company, with heavy involvement in ensuring compliance with the DORA (Digital Operational Resilience Act) regulatory framework. You will set the strategic direction for our information security strategy, implement relevant policies, deploy hands-on technical solutions and internal controls, and promote a healthy culture of ICT risk management and cyber hygiene across the organization.
The ideal candidate has a strong technical background combined with strategic thinking and excellent leadership skills. You will report to the Director of Risk and work cross-functionally to support sound, sustainable decision-making in line with the company's business objectives. This opportunity is ideal for someone with a proactive attitude, the ability to propose initiatives and develop new ideas autonomously, and strong communication skills to ensure effective collaboration and positive results. This position is based onsite at our offices in Tallinn, Estonia.
What you'll do:
- Develop, implement and monitor a strategic, comprehensive enterprise information security and ICT risk management program, aligning technical controls with regulatory and business requirements.
- Develop, maintain and enhance an information security management framework and all related policies and processes, including procedures and operational processes aligned to DORA, ISO27001, and other relevant frameworks.
- Implement, monitor, and harden technical security controls across cloud, on-prem, and software systems; lead vulnerability management, penetration testing, and incident response.
- Collaborate with global technical teams to ensure consistent application of security policies and standards across projects, services, and systems.
- Ensure the identification, assessment, monitoring, analysis, and management of ICT risks across various business units and processes within the company.
- Assist with overall technology and information security strategy planning, providing current knowledge and future vision of technology and systems.
- Report to the Management Board and, where applicable, the Supervisory Board on information security and ICT risk management related matters, as required by law or internal policy.
- Act as the main point of contact, or in co-operation with control functions, for regulators, auditors, and other external parties relevant to information security, unless otherwise required by law.
- Conduct and oversee internal reviews to test the effectiveness of implemented information security and ICT risk management systems.
- Ensure awareness of relevant information security and ICT risk management obligations and that appropriate training and guidance are in place for employees.
- Support the company's business objectives by ensuring that information security and ICT risk management measures enable sustainable growth.
What we're looking for:
- 5+ years of experience in information security operations and/or management.
- Higher education with a preference for STEM or Business-related fields.
- Solid understanding of information security related regulations (e.g. DORA), standards (e.g. ISO27001, SOC2) and guidelines, both EU and local.
- Meaningful experience in implementation and oversight of information security related functions and/or teams.
- Practical experience with cloud hosting platforms (AWS, Azure, GCP), secure system configuration, vulnerability management, and implementation of security frameworks (such as OWASP Top 10).
- Solid project management skills and a structured way of working.
- Strong communication and leadership ability to ensure effective collaboration and positive results.
- Full working proficiency in Estonian and English.
- Familiarity with shell scripting, provisioning Linux machines, firewalls, networks and logging/monitoring systems is a plus.
- Experience working with ISO27001 requirements, audits and pentesters is a bonus.
We encourage you to apply even if you may feel like your knowledge and experience do not precisely meet every point of this job description. At Striga, we support our team’s growth and development over time.
We process the personal data of job applicants in accordance with our Privacy Policy, found on the website www.striga.com. Your application confirms your consent to our data practices.