🚀 Be part of a movement to change the way Europe pays

In today’s digital world, payments often still feel outdated: random delays and confusing rules make it harder than it should be to pay and get paid. The European Payments Initiative (EPI) is here to change all that, forever.

With Wero, our digital wallet, we make sending and receiving money simple, seamless and secure across France, Belgium and Germany, with more countries and omnichannel solutions coming soon. Supported by 14 major banks and the two largest European acquirers, EPI is building a new, proudly European payment system: easy, instant and transparent, all for the greater good.

🔎 What's in it for you

We’re hiring a Head of Security Operations and Corporate IT to lead and mature our Security Operations and Corporate IT functions — ensuring EPI scales securely, reliably and efficiently.

In this role, you'll shape the vision and objectives across these domains, establish clear goals, and drive continuous operational improvements. You will work closely with senior management to align long-term roadmaps with business priorities, strengthen governance, and increase operational transparency. You’ll also lead vendor ecosystems and budgets to deliver scalable, cost-efficient, audit-ready outcomes.

At EPI, we embrace a remote-first culture, enabling our teams to work remotely from the country they are based in, with in-person meetings at least once a quarter to foster collaboration and connection.

🐝 About the team

You’ll lead a multidisciplinary team of 13 individuals, with expertise and areas of focus ranging from Identity and Access Management to Security Operations Center, Threat Intelligence and Threat Hunting, Pentesting, Digital Workplace Security, Key Management Office and Corporate IT delivery. You will partner closely with Engineering, CISO office, Risk/Compliance and Operations to build predictable, measurable, and resilient capabilities that enable the business while reporting directly to the COO.

💥 Your impact

• Lead and evolve the Security Operations strategy and operating model, ensuring high-quality monitoring, triage, incident response, and continuous improvement.
• Continue building a dependable security incident response capability with clear escalation, playbooks/runbooks, operational readiness practices, and strong post-incident learning.
• Mature threat intelligence and security validation practices (e.g., threat-informed exercises / adversarial testing approaches) to strengthen detection coverage and organisational resilience.
• Establish key, secrets, and certificate lifecycle management (ownership, lifecycle processes, monitoring, auditability), enabling predictable and controlled operations.
• Lead and evolve Corporate IT strategy and operating model and transform Corporate IT into a trusted, service-oriented function with measurable performance, and an excellent internal stakeholder experience.
• Drive operational transparency through dashboards and KPIs across Security Operations and Corporate IT, proactively identifying, documenting, and escalating risks/issues with practical mitigation plans.
• Own vendor performance and budget stewardship across managed service providers and tooling partners, ensuring value, accountability, and scalable outcomes.
• Strengthen audit readiness and operating controls (e.g., for ISO/IEC 27001, PCI DSS and similar assurance expectations) through disciplined documentation, evidence, and remediation follow-through.
• Engage actively with external stakeholders and keep up to date with latest trends.
  
  

💻 Technology stack

Security & operations: SIEM, EDR/XDR, vulnerability management, ticketing/case management, security automation (SOAR)

Identity & governance: IAM concepts, secrets management, PKI / certificate lifecycle management, key management / HSM concepts

Corporate IT: ITSM practices, endpoint management/MDM, collaboration and productivity tooling

Infrastructure exposure: cloud environments, CI/CD, observability, incident management

(We don’t expect you to be hands-on in every tool — we’re looking for someone who can lead outcomes, maturity, and operating models.)

🕵🏻♀️ To succeed, you should meet at least 70% of these requirements

• Significant professional experience across Security Operations and/or Corporate IT Operations, ideally in a regulated or high-availability context.
• Proven leadership experience managing multidisciplinary teams, with a track record of improving services through people, process and technology.
• Strong incident response leadership skills: calm under pressure, structured decision-making, and able to drive measurable improvements over time.
• Experience building scalable operational practices: on-call/coverage models, escalation paths, runbooks, post-incident reviews, and operational KPIs.
• Ability to design and implement pragmatic governance frameworks, including familiarity with enterprise cryptography/key management/certificates from an organisational perspective.
• Demonstrated capability improving Corporate IT service delivery (service orientation, intake models, transparency, stakeholder satisfaction).
• Experience managing vendors/partners and budgets, including performance governance (SLAs, regular reviews, escalations, value realisation).
• Experience supporting control assurance/audit activities (ISO 27001, DORA, PCI DSS, SOC 2 or similar), including evidence discipline and remediation management.
• Fluent in English (CEFR C1 or C2); additional European languages is a plus.
• Experience in the payment or financial services industry is a plus.
• Experience with AI systems and agents is also a plus.
  
  

🪜 If this looks like you, the recruitment steps are:

• A first call with one of our recruiters
• A first interview focusing on an operational deep dive with SecOps experts
• A second interview with our CISO
• A final interview with our COO
• Hopefully, an offer you can’t refuse
  
  

⛔ Turn back if …

• You prefer a highly structured corporate setup with predefined processes and no ambiguity.
• You’re not comfortable owning outcomes across both security operations and corporate IT service delivery.
• You dislike leading during high-pressure incidents and making decisions with imperfect information.
• You see security or IT as a gatekeeper rather than an enabler of reliable delivery.
  
  

Otherwise apply!

🫶 Our commitment to equal employment opportunities

EPI offers the same job opportunities to all, without distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age. EPI promotes the development of an inclusive work environment that mirrors the diversity of the clients our product is serving.