About Transak
Our mission is that any financial application can onboard any user, anywhere in the world, in 1 click.
Transak provides onboarding to financial applications through authentication, KYC, risk checks, and fiat on/off ramps. This is the next generation of infrastructure for the next generation of financial applications that are built on blockchain and stablecoin rails. Our API and widget-based solutions are used by top partners like MetaMask, Coinbase, Ledger, and Trust Wallet to enable seamless onboarding of over 10 million users across over 450 active applications.
We have raised over $37M from top-tier investors including Consensys, Tether, and Animoca Brands.
Role Overview
The Director – Information Security (Austria) is Transak’s global authority for information and cybersecurity, responsible for safeguarding systems, data, infrastructure, and regulatory trust across all operational regions.
Reporting to the Board (Austria), this role blends strategic leadership with hands-on operational expertise. The Director ensures Transak maintains a resilient and compliant security program aligned with ISO 27001, SOC 2, GDPR, DORA, MiCA, and NIS2.
This leader must protect, enable, and influence, ensuring that security supports innovation while providing regulators, partners, and users with confidence.
Key Responsibilities
1. Information Security Strategy & Governance
- Develop, own, and continuously evolve Transak’s global information security strategy and multi-year roadmap, ensuring alignment with business objectives, risk appetite, and regulatory expectations across all jurisdictions.
- Define, maintain, and enforce enterprise-wide security policies, standards, and procedures that support operational excellence, legal obligations, and secure-by-design principles.
- Present security posture, maturity assessments, incident reports, and risk dashboards to the Board and Group Leadership, ensuring executive visibility and clear strategic decision-making.
- Lead the global security governance framework, including committees, steering groups, and reporting cycles, ensuring accountability, traceability, and measurable progress across all domains.
- Drive a unified control environment, ensuring consistency of security practices across products, infrastructure, regions, and third-party suppliers.
2. Security Architecture & Engineering
- Lead secure-by-design engineering practices across all products, infrastructure, and cloud environments, ensuring security is embedded from ideation through deployment.
- Own and govern critical architecture components including Identity & Access Management (IAM), encryption standards, secrets management, network architecture, logging, monitoring baselines, and configuration hardening.
- Ensure high-quality secure coding practices, including threat modeling, code review standards, and automated security testing within CI/CD pipelines.
- Partner deeply with Engineering and Product to ensure architecture choices, technical debt decisions, and product expansion strategies incorporate strong security and compliance foundations.
- Oversee architectural risk assessments for new features, integrations, jurisdictions, and third-party providers.
3. Threat Detection, Incident Response & Vulnerability Management
- Own and continuously mature SIEM, threat intelligence, telemetry pipelines, monitoring frameworks, and alert management practices.
- Lead enterprise-wide incident response, including real-time command, forensics, containment, eradication, recovery, and regulatory/partner notification workflows.
- Direct the vulnerability lifecycle: scanning, triage, prioritisation, remediation governance, patch cycles, and risk acceptance processes with clear accountability.
- Ensure post-incident reviews (PIRs) produce actionable learnings, systemic improvements, and verifiable control enhancements.
- Maintain readiness for regulator-notifiable events, aligning with GDPR, DORA, MiCA, and NIS2 expectations.
4. Information Security Governance, Risk & Compliance (GRC)
- Ensure full and ongoing compliance with ISO 27001, SOC 2, GDPR, DORA, MiCA, and NIS2, maintaining certification readiness and proactively preparing for regulatory changes.
- Own audit readiness and evidence management, ensuring documentation, controls, and processes are audit-proof, consistent, and regulator-grade.
- Translate regulatory and standards updates into operationally viable controls that can be adopted across Product, Engineering, Operations, Compliance and Customer Support.
- Support the Data Protection Officer (DPO) with data protection governance, DPIAs, vendor reviews, breach assessments, and secure data lifecycle management.
- Drive risk assessment processes, ensuring the risk register, treatment plans, and ownership structures remain up to date and validated.
5. Resilience: BCP, Crisis Management & Disaster Recovery
- Own and maintain the enterprise-wide BCP and DR frameworks, ensuring coverage of all critical services, dependencies, and regulatory obligations.
- Conduct simulations, tabletop exercises, and resilience testing, ensuring readiness for cyber incidents, operational outages, supplier failure, and region-wide disruptions.
- Lead crisis communication and escalation workflows, coordinating between marketing, customer support, engineering, product, operations, legal, compliance, and executive leadership.
- Ensure resilience strategies meet DORA and MiCA requirements, including ICT continuity, response times, and reporting expectations.
6. Awareness, Training & Culture
- Lead global cybersecurity awareness programs, ensuring all employees, contractors and partners understand threats, safe practices, and their obligations.
- Champion a culture of transparency, accountability, and ethical decision-making, ensuring security concerns are surfaced early and addressed consistently.
- Partner with Product, Engineering, Compliance, Risk, Operations and Customer Support to embed security education, requirements, and threat considerations into everyday workflows.
- Develop targeted training tracks (e.g. Customer & Partners communication, IR Readiness, Data Protection, Access Management) to uplift institutional capability.
- Act as a visible cultural leader, reinforcing that strong security supports innovation, customer trust, and regulatory confidence.
7. Regulatory Representation & External Security Leadership
- Act as Transak’s regulatory-facing security representative, serving as the primary point of contact for supervisory authorities, auditors, and external assessors on all matters relating to cybersecurity, operational resilience, ICT risk, and incident management.
- Ensure transparent, timely, and accurate communication with regulators under DORA, MiCA, GDPR, NIS2, ISO 27001, and SOC 2 obligations, including incident notifications, audit responses, and control evidence submissions.
- Build and maintain trusted, credibility-based relationships with regulatory bodies, demonstrating strong governance, maturity, and accountability in Transak’s information security posture.
- Translate regulatory expectations into actionable internal programs and ensure all teams (Product, Engineering, Compliance, Risk, Operations and Customer Support) understand and meet relevant obligations.
- Represent Transak at regulator workshops, supervisory dialogues, and industry consultations, contributing security insights that strengthen compliance and safeguard market integrity.
Must-Haves
- 10+ years in cybersecurity with 5+ years in leadership.
- Strong experience in cloud security, IR, architecture, and GRC.
- Experience with ISO 27001, SOC 2, DORA, GDPR, MiCA, NIS2.
- Regulator/auditor-facing experience.
- Strong communication, documentation, and strategic influence.
Nice-to-Haves
- Fintech, payments, or crypto/Web3 experience.
- CISSP, CISM, CISA, ISO 27001 Lead Implementer.
- Experience building DevSecOps programs and automation.