Information Security Officer - BeOne

About the role: We’re seeking a seasoned Information Security Officer to drive our security strategy from the ground up. As the first dedicated security leader, you’ll be at the forefront of protecting our systems, data, and users, ensuring we can scale securely and remain fully compliant. You’ll steer policy creation, oversee risk management, drive security testing, and collaborate company-wide to embed security in everything we do.

About us: BeOne is a next-generation neobank that redefines how individuals and businesses manage money by blending traditional and digital finance. Our platform offers multi-currency accounts, ultra-low fees, real-time global payments, and robust financial tools, all within an intuitive, refined interface. Our bold vision is to become the largest regulated funds and data transfer network for both retail and business customers. We empower users with financial freedom, security, and efficiency, whether for personal finances, business operations, or global investments.

What you will do:

• Drive the company’s information security strategy, ensuring alignment with GDPR, ISO 27001, DORA, PSD2/3, and other relevant regulations.
• Identify and address local and entity-specific security requirements to maintain rigorous standards.
• Conduct regular risk identification and develop mitigation strategies across systems, processes, and vendors.
• Develop and maintain security policies, standards, and incident response protocols.
• Support business continuity and disaster recovery planning for seamless resilience.
• Lead and oversee internal/external security audits to ensure transparency and accountability.
• Partner with engineering and ICT teams to embed secure-by-design principles in products and infrastructure.
• Conduct security awareness training and foster a culture that values security at every level.
• Manage ongoing security testing (e.g., vulnerability scans, penetration tests) and track findings to resolution.
• Maintain comprehensive reporting and documentation for clear visibility and audit readiness.
• Utilize compliance automation platforms to proactively monitor and enforce standards.
• Stay on top of emerging threats and industry best practices to continually strengthen our security posture.

What we expect from you:

• 4+ years of experience in a similar role (ideally in payments or fintech), with proven Second Line of Defense responsibilities in InfoSec and IT Compliance & Frameworks.
• Demonstrated success meeting GDPR, EU NIS2, and familiarity with ISO 27001, NIST, and cybersecurity best practices.
• Skilled in conducting risk assessments, defining mitigation strategies, and creating/enforcing security policies.
• Good technical understanding of IT infrastructure, software development, hardware, data flows, change management, and BC/DR—and how they shape security and resilience.
• Fluent in Latvian, advanced English (written/spoken), based in Latvia, with the ability to visit the Riga office 1–2 times monthly.
• Self-driven, solutions-oriented, and adept at relationship building, communication, and organization.

Nice to Have:

• Security certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer).
• Familiarity with compliance automation tools (e.g., Vanta, Drata).

Why it’s worth a try:

• Lead the charge – be our first dedicated Information Security expert, shaping and owning a long-term security strategy.
• Career acceleration – Gain leadership experience in a high-growth fintech, with opportunities to build and lead future teams.
• Product-driven culture – Influence security at every development milestone where innovation and user experience take center stage.
• Flexibility in work setup – Mostly remote with 1–2 office visits per month, plus flexible hours around a core schedule of 11:00–15:00 CET.