Head of Security Operations & Corporate IT – Remote-First

🚀 Be part of a movement to change the way Europe pays

In today’s digital Europe, payments still feel too complicated. Random delays, confusing rules, extra apps and accounts make it harder than it should be to pay and get paid.

The European Payments Initiative is changing that with Wero, a proudly European digital wallet to make payments easier, clearer and more secure. Online, in store, at home and across borders, with your money and data protected under European laws and regulations.

Wero is live in Belgium, France and Germany and launching very soon in Luxembourg and the Netherlands. Backed by 16 major banks and the two largest European acquirers, we’re building a brand new, proudly European payment system. Why not join us?

🔎 What's in it for you

We’re hiring a Head of Security Operations and Corporate IT to lead and mature our Security Operations and Corporate IT functions, ensuring EPI scales securely, reliably and efficiently.

In this role, you'll shape the vision and objectives across these domains, establish clear goals, and drive continuous operational improvements. You will work closely with senior management to align long-term roadmaps with business priorities, strengthen governance, and increase operational transparency. You’ll also lead vendor ecosystems and budgets to deliver scalable, cost-efficient, audit-ready outcomes.

At EPI, we embrace a remote-first culture, enabling our teams to work remotely from the country they are based in, with in-person meetings at least once a quarter to foster collaboration and connection.

🐝 About the team

You’ll lead a multidisciplinary team of 13 individuals, with expertise and areas of focus ranging from Identity and Access Management to Security Operations Center, Threat Intelligence and Threat Hunting, Pentesting, Digital Workplace Security, Key Management Office and Corporate IT delivery. You will partner closely with Engineering, CISO office, Risk/Compliance and Operations to build predictable, measurable, and resilient capabilities that enable the business while reporting directly to the COO.

💥 Your impact

• Lead and evolve the Security Operations strategy and operating model, ensuring high-quality monitoring, triage, incident response, and continuous improvement.

• Continue building a dependable security incident response capability with clear escalation, playbooks/runbooks, operational readiness practices, and strong post-incident learning.

• Mature threat intelligence and security validation practices (e.g., threat-informed exercises / adversarial testing approaches) to strengthen detection coverage and organisational resilience.

• Establish key, secrets, and certificate lifecycle management (ownership, lifecycle processes, monitoring, auditability), enabling predictable and controlled operations.

• Lead and evolve Corporate IT strategy and operating model and transform Corporate IT into a trusted, service-oriented function with measurable performance, and an excellent internal stakeholder experience.

• Drive operational transparency through dashboards and KPIs across Security Operations and Corporate IT, proactively identifying, documenting, and escalating risks/issues with practical mitigation plans.

• Own vendor performance and budget stewardship across managed service providers and tooling partners, ensuring value, accountability, and scalable outcomes.

• Strengthen audit readiness and operating controls (e.g., for ISO/IEC 27001, PCI DSS and similar assurance expectations) through disciplined documentation, evidence, and remediation follow-through.

• Engage actively with external stakeholders and keep up to date with latest trends.

💻 Technology stack

Security & operations: SIEM, EDR/XDR, vulnerability management, ticketing/case management, security automation (SOAR)
Identity & governance: IAM concepts, secrets management, PKI / certificate lifecycle management, key management / HSM concepts
Corporate IT: ITSM practices, endpoint management/MDM, collaboration and productivity tooling
Infrastructure exposure: cloud environments, CI/CD, observability, incident management

(We don’t expect you to be hands-on in every tool — we’re looking for someone who can lead outcomes, maturity, and operating models.)

🕵🏻‍♀️ To succeed, you should meet at least 70% of these requirements

• +10 years of professional experience in Cybersecurity in one of the relevant fields, including at least 5 years managing and leading Security Operations

• Significant professional experience across Security Operations and/or Corporate IT Operations, ideally in a regulated or high-availability context

• Proven leadership experience managing multidisciplinary teams, with a track record of improving services through people, process and technology

• Fluent in English (CEFR C1 or C2); additional European languages are a plus

• Comfortable working remotely in a pan-European, multicultural environment

• Strong incident response leadership skills: calm under pressure, structured decision-making, and able to drive measurable improvements over time

• Experience building scalable operational practices: on-call/coverage models, escalation paths, runbooks, post-incident reviews, and operational KPIs

• Ability to design and implement pragmatic governance frameworks, including familiarity with enterprise cryptography/key management/certificates from an organisational perspective

• Demonstrated capability improving Corporate IT service delivery (service orientation, intake models, transparency, stakeholder satisfaction)

• Experience managing vendors/partners and budgets, including performance governance (SLAs, regular reviews, escalations, value realisation)

• Experience supporting control assurance/audit activities (ISO 27001, DORA, PCI DSS, SOC 2 or similar), including evidence discipline and remediation management

Nice to have

• Experience in the payment or financial services industry

• Experience with AI systems and agents

🪜 If this looks like you, the recruitment steps are:

• A first call with one of our recruiters

• A first interview focusing on an operational deep dive with SecOps experts

• A second interview with our CISO

• A final interview with our COO

• Hopefully, an offer you can’t refuse

⛔ Turn back if …

• You prefer a highly structured corporate setup with predefined processes and no ambiguity

• You’re not comfortable owning outcomes across both security operations and corporate IT service delivery

• You dislike leading during high-pressure incidents and making decisions with imperfect information.

• You see security or IT as a gatekeeper rather than an enabler of reliable delivery

🎁 What we can offer

• Remote-first culture with quarterly and annual all-staff in-person meetups to keep teams connected and collaborative

• Possibility to work from another EU country for up to 3 months per year

• Competitive compensation package, featuring salary, performance-based bonus, and a thoughtfully designed, high-quality benefits program

• The opportunity to be part of a multicultural European company

• Learning & development budget: €5,000 training budget per year

Otherwise apply!

🫶 Our commitment to equal employment opportunities

EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving.