Paynt

Information Security and Resilience Officer

Paynt
Lithuania · Full-time · Mid-Senior

Paynt. Payments As You Need Them.


Who We Are

We are a dynamic payment solution provider, founded in 2013, rapidly evolving to deliver cutting-edge payment and financial products. We operate in the UK, Ireland, Europe and North America.


At Paynt, we aim to be the preferred acquirer for European payment solution providers. We have grown considerably in the last 12 months and need experienced colleagues who can continue to help us push forward and achieve our vision. We’re seeking talented individuals to join us on our ambitious journey.


Your Role

We are seeking an experienced Information Security and Resilience Officer to join our team. Operating in a highly regulated environment (Bank of Lithuania and UK FCA), this independent 2nd line of defense role is responsible for owning and overseeing high-level Information Security policies and ensuring regulatory compliance.


You will contribute to the ICT risk management framework in line with DORA, EBA and BoL requirements, oversee ICT third-party risk management, and conduct periodic reviews and reporting of information security risks and controls to the Board and senior management.

While providing targeted practical support and strategic guidance on Disaster Recovery, the role maintains independence from day-to-day IT and information security operations.


You Will Collaborate With

  • Reporting to: CEO / Board (Lithuania) - direct for key risks, policies, major decisions, and reporting to senior management and the Board.
  • Coordinate with: Chief Compliance Officer / Head of Compliance (Lithuania & UK) to ensure alignment on overall 2nd line control framework, methodology, and consolidated reporting.
  • Coordinate with: Group Head of IT Security Operations and the IT function on group standards, technical execution, and implementation of security controls, while remaining fully independent in its oversight responsibilities as the 2nd line of defense.


What You Will Do

1. Information Security Governance and Policy (2nd Line of Defense)

  • Policy management: Design, develop, maintain, and oversee the company’s high-level Information Security policies, standards, and frameworks as part of the overall ICT risk management framework.
  • Regulatory Compliance: Ensure all IS policies and practices align with Bank of Lithuania (BoL) requirements, UK FCA regulations, DORA (Digital Operational Resilience Act), and broader frameworks such as ISO 27001.
  • Risk Assessments: Conduct regular ICT and information security risk assessments, identify control gaps (including ICT third-party risk), and report risks to senior management and the Board.
  • Audit and Reporting: Act as the primary point of contact for external/internal IT and security audits. Track remediation efforts for any identified findings.

2. Operational Security Support (1st Line of Defense Guidance)

  • Advisory and Practical Support: Provide expert advisory support and targeted assistance to the IT and infrastructure teams in day-to-day operational security tasks, ensuring policies are practically implemented while maintaining the independence of the 2nd line of defense.
  • Vulnerability and Threat Management: Support the execution of vulnerability scans, coordinate penetration testing, and help prioritize patching efforts, contributing to cyber resilience testing in line with DORA requirements.
  • Access Management: Conduct or assist with periodic user access reviews and privileged access management (PAM) audits.
  • Incident Response: Serve as an escalation point and provide advisory and hands-on support during security incident triage, investigation, and resolution in line with DORA incident classification and reporting requirements.

3. Disaster Recovery (DR) and Operational Resilience

  • DR Coordination: Act as the liaison between the business and the IT department to ensure Disaster Recovery strategies meet business continuity requirements (RTO/RPO) and align with the entity’s ICT risk management framework and digital operational resilience strategy under DORA.
  • Procedure Development: Guide and assist the IT department in documenting granular DR procedures and playbooks that align with high-level BCP/DR policies and the ICT risk management framework.
  • Testing and Exercises: Plan, coordinate, and execute annual (or bi-annual) Disaster Recovery and cyber resilience tests. Document post-mortem reports and track areas for improvement.


What You Bring

  • 5+ years of experience in Information Security, with a proven track record in both GRC (Governance, Risk, and Compliance) and operational security roles within regulated financial services environments (preferably EMI, payment institutions or banking).
  • Deep knowledge and practical experience with Bank of Lithuania (BoL) requirements, EBA guidelines, UK FCA regulations, and DORA (Digital Operational Resilience Act) in a highly regulated environment.
  • Broad understanding of cloud security, network architecture, endpoint protection, and identity management to effectively support the 1st line.
  • Industry-recognized certifications such as CISM, CISSP, CRISC, or CISA are highly desirable.
  • Excellent stakeholder management and communication skills, with the ability to translate complex technical risks into clear business impact for stakeholders, senior leadership and the Board.
  • Fluent in English and Lithuanian, both spoken and written.


What We Offer

  • Competitive Salary starting from €5000 gross, depending on experience and expertise, and with regular reviews.
  • Health Insurance.
  • Extra Health Days Off.
  • Hybrid Work Model.
  • Great Office Location: Vilnius city center.
  • Growth Environment: Training and certification opportunities.
  • Diverse and Supportive Culture: Work in a lively, diverse, and fun environment with endless growth opportunities.


Why Join Paynt?

  • Be part of an innovative and rapidly growing fintech company.
  • Work with an international team driving real impact.
  • Enjoy career growth opportunities in a company that invests in its people.
  • Make a difference - your voice and expertise matter here!


Ready to make your mark in fintech? Share your application, and let's Paynt the future together!

Key Skills

penetration testing, security audits, cloud security, cissp, cloud, cisa, cism
Posted: May 25, 2026
Type: Full-time
Level: Mid-Senior
Location: Vilniaus
Company: Paynt
Industries: Financial Services
Categories: Legal, Information Technology
