MultiSafepay is a leading payment service provider, offering omnichannel and advanced payment solutions to businesses across Europe. We are innovative and fast-growing, building powerful solutions that transform the way our clients do business. We focus on delivering real solutions to their challenges and always stay ahead of the curve. In short, we are a true FinTech.
We're on a mission to make payments simple, secure, and accessible for every business. With powerful in-house technology and deep expertise, our modular platform brings online, in-person, and cross-border payments together in one place — giving merchants the flexibility to scale on their own terms. Through a partnership-first approach, we tackle complexity head-on, keep payments running smoothly, and boost success rates. It's how we level the playing field for businesses of all sizes and ambitions.
We are looking for an Information Security Risk Manager to act as the primary operational owner of MultiSafepay's ICT Risk Management Framework within the second line of defence. In this role, you will be responsible for the day-to-day execution, monitoring, and reporting of ICT risk and information security activities in line with DORA, ISO 27001, and PCI DSS requirements. You will own the Eramba GRC platform, the ISMS policy suite, and the ICT risk register, providing technical ICT risk input to the Head of Risk & Compliance for board-level reporting.
What you'll be doing:
- Maintaining and developing the ICT risk register, executing the RCSA cycle for ICT risk domains, and monitoring key ICT controls including KRI dashboard management
- Owning the ISMS policy suite in line with ISO 27001, DORA, and MultiSafepay document standards, and coordinating security monitoring oversight from a 2LoD perspective
- Supporting DORA Chapter II obligations including ICT incident classification and major incident reporting, and monitoring the external threat landscape to translate developments into 2LoD risk signals
- Leading PCI DSS 2LoD governance as primary owner of PCI DSS v4.0 compliance oversight, coordinating PCI-3DS as a separate project stream, and acting as primary contact for QSA and internal stakeholders
- Owning the Eramba GRC platform including data structure, user access, and module configuration, and driving its rollout to new modules and processes as the ICT risk framework matures
- Providing second line of defence oversight of ICT third-party risk, acting as primary liaison for the annual EY IT audit, and supporting the annual Ant Group IT risk reporting cycle
What you'll need:
- 5-8 years of experience in ICT risk management, information security, or a related technical discipline within a DNB-supervised financial institution
- Demonstrable experience with DORA (ICT risk management chapter), ISO/IEC 27001, and PCI DSS v4.0
- Hands-on experience with a GRC platform such as Eramba or equivalent, including RCSA execution, control monitoring, and KRI reporting
- A Bachelor's or Master's degree in Information Security, Computer Science, Risk Management, or an equivalent field
- Strong ability to translate complex technical risks into clear reporting for non-technical stakeholders, with a structured, process-oriented working style
- Ability to constructively challenge first line of defence stakeholders on ICT risk and security topics
- Strong written and verbal communication skills in English (Dutch is a plus)
Nice to have:
- Relevant certifications such as ISO 27001 Lead Implementer, CISM, or CRISC
- PCI DSS certification or demonstrable practical experience
What you'll get from us:
- A competitive salary and benefits package
- Free Spanish classes and optional afterwork sports activities
- Opportunities for professional growth
- A diverse role within a dedicated international team of enthusiastic colleagues