Senior Associate, Information Security
Who we are
We simplify wealth creation. Founded in 2014 in Vienna, Austria by Eric Demuth, Paul Klanschek and Christian Trummer, we’re here to help people trust themselves enough to build their financial freedom — for now and the future. Our user-friendly, trade-everything platform empowers both first-time investors and seasoned experts to invest in the cryptocurrencies, crypto indices, stocks*, precious metals and commodities* they want — with any sized budget, 24/7. Our global team works across different cultures and time zones, bringing our products to more than 6 million customers, making us one of Europe’s safest and most secure platforms that powers modern investing.
Headquartered in Austria but operating across Europe, our products are built by fast-moving, talented, “roll-up-your-sleeves-and-make-it-happen” kind of people. It’s these diverse perspectives and innovative minds operating as ONE TEAM that keep Bitpanda at the cutting edge of our industry. So if you’re someone who thinks big, moves fast and wants to make an impact right from day one, then get ready to join our industry-changing team. Let’s go!
Your mission
As an Information Security Senior Associate, you will drive key parts of our governance, risk, and compliance (GRC) program in a regulated fintech environment. You’ll own recurring GRC processes end-to-end (such as evidence cycles, control testing, risk workflows), partner with control owners across the business, and help keep us continuously audit-ready. You’re hands-on, independent, and able to translate requirements into practical controls, while knowing when to escalate and when to simplify.
What you’ll do
- Governance & control framework ownership: Own and maintain parts of the ISMS; ensure policies/standards are implemented in a measurable way; support security-by-design governance for new initiatives.
- Assurance & audit execution: Plan and run audit readiness activities (ISO 27001/SOC 2/internal audit/regulatory requests): timelines, evidence plans, stakeholder coordination; review evidence for quality (period coverage, completeness, traceability), challenge gaps, and drive remediation with control owners; draft clear, consistent responses to auditors and internal stakeholders; maintain an action plan and verify closure.
- Risk management: Facilitate risk assessments for systems/projects/vendors with appropriate depth; document outcomes and treatment plans; maintain the risk register quality; identify systemic themes (repeat findings, control weakness patterns) and propose improvements to reduce residual risk.
- Third-party risk & compliance enablement: Lead parts of third-party risk management: due diligence reviews, tracking remediation commitments, and supporting security contractual requirements; Partner with Procurement/Legal/Business owners to ensure proportionate security requirements for vendors (especially critical service providers).
- Control testing & continuous improvement: Execute control design/operating effectiveness testing for a defined control set; document results and recommend improvements; produce GRC reporting and metrics for leadership (audit status, overdue actions, risk trends, control health indicators); improve GRC workflows through templates, playbooks, automation, and tooling (where applicable).
Who you are
- You’re proactive and ownership-driven: you don’t wait to be told what’s missing; you spot gaps and fix them.
- You can balance rigor with pragmatism, applying controls proportionate to risk and business criticality.
- You write clearly and persuasively, especially when documenting controls, risks, and audit responses.
- You’re comfortable challenging constructively; asking “show me” and improving evidence and control quality without being obstructive.
- You’re collaborative and calm under deadline pressure (audits, regulator requests, and escalations).
What’s in it for you
- Flexibility to work where you thrive – Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.
- Reward for your impact – Receive a competitive total compensation package aligned with Bitpanda’s pay-for-impact policy, including participation in our stock option plan.
- Support for your mental wellbeing – Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.
- Time to recharge – Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.
- Continuous learning and growth – Grow your skills and stay ahead in your career with unlimited access to Udemy’s library of online courses at your own pace.
- Exclusive perks and rewards – Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.
- Support during life milestones – Take advantage of our additional 8 weeks of gender-neutral new parent leave to welcome and bond with your new addition to the family.
- Create a productive workspace at home – Set up your home office exactly how you want it with a dedicated budget for comfort and productivity.
- Fuel and focus on-site – Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fuelled and focused all day long.
- Recognition for your contributions – Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.
- Show your Bitpanda pride – Access exclusive Bitpanda-branded merchandise and gear to represent.
- Connect and celebrate with your team – Join unforgettable company events, from our Winter Party in Vienna to summer gatherings worldwide, fostering fun, connection, and celebration
.…and even more location-specific benefits designed to make life at Bitpanda even more rewarding wherever you are.
Above all, you will have the opportunity to learn and grow as part of Bitpanda’s incredible journey towards being Europe’s future #1 investment platform.