Location:
Remote / London HQ (Hybrid)
About Light
Light is a Smart Financial Platform (an SFP; not ERP - read our manifesto) set to make it easy, efficient, and transparent for multinational tech companies to manage their finances.
Come join one of Europe's strongest FinTech teams with people from Pleo, Juni, Google, X, AWS, Spotify, Klarna, etc. who are building a new category.
*Visa sponsorship is NOT available at this time*
About the InfoSec & Cybersecurity Lead role
As InfoSec & Cybersecurity Lead, you will own the strategy, architecture, operations, and governance of security across Light’s platform, infrastructure, and internal systems. You will be a core voice in risk decisions, compliance, incident response, and security awareness across the team. In this high-growth environment you’ll balance strategic thinking with hands-on execution.
You will:
Define and evolve the security roadmap aligned with product, growth, and operations priorities
Establish and enforce security policies, standards, and controls
Lead threat modelling, vulnerability management, penetration testing, secure code review, and red teaming
Oversee identity & access management, data encryption, key management, and secrets management
Manage incident detection, response, forensics, and postmortem / root cause analysis
Lead risk assessments (third party, vendor, cloud, supply chain)
Embed secure development practices (DevSecOps) and support engineering in secure architecture
Guide compliance (e.g. SOC 2, ISO 27001, PCI DSS, GDPR / data privacy depending on roadmap)
Provide security training, awareness, and conduct regular security reviews
Partner cross-functionally with product, engineering, operations, legal, audit, and leadership
Key Responsibilities
| Area | Responsibilities |
| --- | --- |
| Strategy & Governance | Develop the security strategy, maturity roadmap, and metrics. Report to execs & board-level stakeholders. |
| Risk & Compliance | Lead security-related compliance programs, audits, and assessments; manage third-party risk. |
| Secure Architecture & Engineering | Review designs, threat model new features, secure system integrations, integrate security into CI/CD. |
| Operations & Resilience | Oversee security tooling (SIEM, EDR, IDS/IPS, WAF, etc.), monitor, detect, and respond to security events. |
| Incident Response & Continuity | Establish IR plans, run incident simulations, lead real incident triage, learning, and remediation. |
| People & Culture | Advocate security mindset, train teams, define role-based access controls, nurture a security-first culture. |
| Vendor & Cloud Security | Evaluate and oversee vendor security, cloud infrastructure security, access, permissions, network segmentation. |
…and how you fit into the team:
You combine deep technical knowledge with strategic judgment.
You know how to balance real-world risks with business speed.
You’re hands-on when needed, but also capable of driving policy, awareness, and long-term maturity.
You’ve led security in high-growth environments — and you’re ready to do it again, with impact.
Your qualifications could be:
7+ years’ experience in information security / cybersecurity roles, preferably in fintech, SaaS or payments
Proven experience owning security in a fast-moving, high-growth environment
Deep technical expertise: cloud (AWS, GCP, Azure), network, application security, identity & access, encryption, threat modelling
Hands-on in vulnerability management, penetration test oversight, secure code review, incident response
Familiarity with compliance on financial systems: SOC 2, ISO 27001, PCI, GDPR, etc.
Excellent risk judgment and ability to balance security vs business velocity
Strong communication skills — able to influence non-technical stakeholders and train engineers
Experience leading or scaling a small security team or managing security partnerships
Bonus points:
Prior experience in fintech / financial software / payments
Certifications such as CISSP, CISM, OSCP, CRISC, or equivalent
Experience with specific regulatory standards (e.g. PCI, PSD2, ISO 27001)
Experience in embedding DevSecOps practices / platform security
Success Criteria
Reduction in high/critical vulnerabilities over time
Mean Time To Detect + Respond (MTTD/MTTR) for security incidents
Percentage of code / features that pass security review or threat modelling
Vendor risk coverage and audits completed
Compliance audit results (SOC 2, etc.)
Number of training sessions delivered / security awareness scores
Low incidence of security incidents affecting customers / production
Here’s what to expect in our hiring process…
Intro chat with CTO or Head of Operations (45 min)
Interview with Engineering + Product
Take home challenge
Interview with two colleagues discussing the take home challenge
Culture-fit & leadership interview
Offer
… so a few tips to stand out would be:
Show how you’ve balanced speed and security in a high-growth environment
Demonstrate how you’ve influenced culture — not just control
Share how you’ve measured and communicated risk, coverage, and progress
Walk us through your past playbooks or roadmaps — and how they evolved
Bonus if you can articulate the “why” behind the trade-offs you’ve made
While this is the good stuff...
In addition to being part of a great team and working in a really fun and innovative environment, we offer:
💸 Competitive salary + stock options in our fast-growing startup
🍼 Paid parental leave
🏝 25 days of annual leave + public holidays (in your country)
🥳 Regular socials and company off-sites.
🚀 A huge opportunity to shape a market-defining product and engineering culture
…these are the famous last words:
At Light, we’re building the most trusted financial platform in the world — and trust starts with security. As our InfoSec & Cybersecurity Lead, you’ll help us earn that trust every day.
If you want to lead security at a company where speed and safety go hand in hand, we’d love to hear from you at careers@light.inc
🚀 Join the rocket ship while it’s taking off 🚀
Crafting from our HQ in London, and across Europe and the Americas.
We’re redefining ERP — shipping fast and joyful features built for finance. Join us to revolutionize the world’s largest and oldest software category.
Simple
Fast
Clear
Our culture thrives on joy. Each quarter, we unite for Starsite across iconic cities—Lisbon, Valencia, London, Copenhagen, Rome—where we align our vision and push boundaries together.