This role sits within Striga, a Lightspark company, based in Tallinn, Estonia. Together, we’re building Lightspark’s European payments platform — connecting fiat and crypto rails to enable faster, more efficient money movement across borders.
We’re looking for a hands-on Information Security Manager to help establish and maintain our security and compliance framework in Europe, ensuring readiness for Estonian and EU regulatory requirements (e.g., DORA, ISO27001). This role balances technical execution, ICT risk management, and regulatory governance—partnering closely with our Director of Risk, as well as U.S. and EU-based advisors, to build a scalable and compliant security posture.
You’ll be both a builder and an operator—implementing controls, hardening systems, managing risk, and ensuring the company’s security measures enable growth while meeting regulatory expectations.
WHAT YOU’LL BE DOING:
- Drive security strategy and governance: Develop, implement, and monitor a comprehensive information security and ICT risk management program aligned with DORA, ISO27001, and EU/Estonian requirements.
- Develop and maintain frameworks: Own the company’s Information Security Management System (ISMS), ensuring all policies, controls, and documentation align with regulatory and business needs.
- Implement and operate security controls: Deploy and manage technical safeguards across cloud, on-prem, and application environments—covering vulnerability management, system hardening, and incident response.
- Collaborate across teams: Work closely with global engineering, risk, and compliance functions to ensure consistent application of security standards and processes across systems and services.
- Lead ICT risk management: Identify, assess, and manage ICT risks across business units, and provide actionable security insights for new technologies and initiatives.
- Engage with regulators and auditors: Serve as the main point of contact (or in coordination with control functions) for regulators, auditors, and external security assessors.
- Measure and report security posture: Regularly brief management and, where applicable, the Supervisory Board on key risks, compliance status, and improvement initiatives.
- Promote a culture of security: Drive employee awareness and training programs to foster security ownership and operational hygiene across the company.
- 5+ years in information security operations or management with proven implementation of security and compliance programs. Experience in ICT risk management and oversight of technical security functions.
- Strong understanding of EU/Estonian frameworks, including DORA, ISO27001, SOC2, and GDPR. Experience supporting regulatory licensing or audit processes is a plus.
- Hands-on experience with cloud environments (AWS, Azure, GCP), secure configuration, vulnerability management, monitoring, and incident response. Familiarity with Linux/Windows hardening, networking, and scripting (e.g., Python, Bash).
- Higher education in a STEM or business-related field.
- Full working proficiency in English and Estonian.
- Proactive, structured, and detail-oriented leader with strong project management, communication, and collaboration skills.
- Experience preparing for regulatory inspections, working with ISO27001 audits, or partnering with fractional CISO/DPO roles. Certifications such as CISSP, CISM, ISO27001 Lead Implementer, or CIPP/E are beneficial.
We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the State of California Fair Chance Initiative for Hiring.