
VP Information Security — Finoa Group

Vilnius
Full-time
Permanent employee
5,500 - 6,600 € per month

About us:

At Finoa, we are on a mission to enable institutions and individuals globally to migrate their capital into the onchain economy. We are actively engineering the platform that makes this possible.


We believe great products are built by people who are eager to leave their mark on the world. We are looking for ambitious, curious, and hard-working individuals who want to learn quickly, take ownership, and help us grow in a fast-moving market.


If you are excited by fintech, digital assets, AI, and the future of institutional finance, we would love to hear from you.

Your mission:

We are looking for a VP Information Security to lead security for the Group — someone equally comfortable setting security strategy and reporting to a regulated Board as they are running the SOC day to day.


This is a hybrid role by design: for one of our regulated entities, you'll act as the appointed CISO, owning the cybersecurity framework and the regulatory relationship. Across the wider Group, you'll build and run operational security day to day — the SIEM, detection, and incident response.

In this role, you will:

Security leadership & regulatory ownership


  • Own the cybersecurity framework: Continuously improve strategy, policies, risk register and controls, reviewing and updating them at least annually against the evolving threat landscape.

  • Run the cyber risk-management lifecycle: Maintain the asset inventory, run risk assessments, monitor on an ongoing basis, and report regularly to the Board on the risks that matter, working closely with Risk Controlling on second-line risk oversight.

  • Lead regulatory incident notification: Notify our regulator when required, keep affected parties informed, and work closely with our Data Protection Officer whenever personal data is involved.

  • Set security standards: Maintain baseline security-configuration and access-control standards, and commission independent vulnerability scans and penetration tests at least annually and after major changes.

  • Own vendor and outsourcing security due diligence, including for cloud providers.

  • Build our security culture: Run a group-wide security awareness programme, and make sure the security function is properly resourced.

  • Support independent assurance: Help the Board approve the security audit plan and enable independent reviews of our cyber resilience.

  • Be the voice of security: Act as the primary point of contact for the Board and all internal functions on cyber risk, and act as CISO in representing the relevant regulated entity to our regulator on IT security matters.


Hands-on operational security / SOC


  • Own and operate our SIEM: Design detection use cases, onboard log sources, tune out noise, and triage alerts.

  • Run security monitoring: Own continuous detection coverage and the escalation path from detection into incident response.

  • Lead incident response: Own containment, eradication and recovery for security incidents, working hand in hand with engineering leadership.

  • Run vulnerability management day to day: Scanning, triage, remediation tracking and verification.

  • Operate threat intelligence: Track relevant feeds, maintain indicators of compromise, and keep detections current.

  • Own security tooling configuration: EDR, firewalls, network monitoring, in coordination with engineering.

  • Own on-call for security incidents: Hold or delegate coverage outside business hours.

What you need to be successful:

  • Ideally 5+ years in information security or similar roles, with a genuine mix of hands-on SOC / detection-engineering work and governance or senior-management-level accountability. We need both, not one alone.

  • A track record owning a cybersecurity framework in a regulated environment that requires senior-level reporting and regulatory incident notification (financial services, VASP, e-money or comparable).

  • Real, practical experience owning a SIEM (design, tuning, operation) and leading incident response, not just overseeing a vendor who does this.

  • You're comfortable being a named, accountable CISO to a regulator, subject to fit and proper assessment, and presenting directly to a Board.

  • Some major parts of the fit-and-proper assessment are: a clean regulatory and criminal record (probity checks cover criminal history, sanctions and disciplinary action), no disqualification from a director or senior-management role, and sound personal finances. Experience in security roles, ideally in regulated environments, must be demonstrable.

  • We expect you to be in our office in Vilnius for 2-3 days per week, as we are growing a local team, including an in-office culture.

  • Nice to have

    • CISSP, CISM or equivalent.

    • SANS/GIAC or other operational security certifications.

    • Prior exposure to regulatory regimes.

What’s in it for you:

  • Build on a mature foundation: Inherit an established security setup and develop it further as our product and customer base grow.

  • Shape a founding LT culture: Be one of the early members of Finoa's LT Team, with real influence over how security collaborates with our Group's engineering, compliance and risk teams.

  • Grow with the role: As the business scales, the scope grows with you rather than staying fixed.

  • Move fast, stay rigorous: Work in a fast-paced environment while holding the line on regulatory and security requirements.

  • Direct exposure to the Board: Unfiltered reporting lines give you real visibility and feedback at the highest level.

  • A broad set of stakeholders: Work daily across engineering, compliance, legal and risk, and across our different jurisdictions and entities.

Salary Band for this role

The salary band for this role is €5,000 - €6,600 a month (before tax deduction).


The final offer will depend on the experience and competencies of the selected candidate. The overall remuneration package consists of the salary together with other benefits.

Diversity & Inclusion:

Finoa is an equal opportunity employer devoted to diversity and inclusion in the workplace. We genuinely welcome and encourage applications from people of all backgrounds, cultures, genders, sexual orientations, abilities, neurodiversities, and ages.

Data Privacy:

Finoa processes candidate data in accordance with GDPR.