Head of Information Security

About Alma

At Alma, we believe sustainable commerce depends on fair, well‑balanced trade. Because finance plays a pivotal role in business, our mission is to put it back in its rightful place - serving merchants and consumers. Our installment and deferred payment solutions help merchants boost sales by 20% or more, increase customer loyalty, and deliver a seamless shopping experience - without encouraging bad debt.

As the buy now pay later leader in France and active in 10 European countries, we’ve empowered over 21,000 merchants and 8 million consumers. With 360+ Almakers and €100M+ ARR, Alma is scaling rapidly across Europe — and we’re just getting started.

Your mission

You will lead Alma’s Information Security and IT teams (6 FTEs supervised) and report to the General Secretary. You’ll define the strategy, steer execution, and foster a culture of security-by-design across the company, partnering closely with executives and cross‑functional leaders.

What you’ll do Proposal

Manage

• Lead a 6‑person team across IT and Security; set objectives, coach, and develop talent;
• Structure and prioritize work across roadmap, ensuring delivery and accountability;
• Define the budgetary needs to carry out the defined missions.

Governance, Compliance, and Risk management

• Ensure the company’s cyber steering and governance;
• Identify cybersecurity issues and risks;
• Define and maintain security policies, procedures, and guidelines. Ensure their implementation;
• Manage relationships/interfaces with security stakeholders in banking regulation;
• Build and run the information security program, ensuring alignment with key regulations and industry frameworks:
  • PSD2, DORA, EBA Guidelines, GDPR.
  • SOC 2, ISO 27001, PCI-DSS, and related standards.

Support the Business

• Provide support for cross‑functional projects, RFI/RFPs;
• Act as an advisor, providing assistance, information, training, and alerts to various functions/departments (HR, Procurement, Engineering, Sales...).

Protect

• Define the organizational and technical measures to be implemented to achieve the defined security objectives. Monitor and measure their implementation;
• Promote a cyber culture for users and management;
• Provide support during assessments and audits carried out by internal and external stakeholders.

Detect and Respond

• Lead threat detection activities across the different information systems;
• Lead security incident response;
• Ensure that the security crisis management framework is operational.

Ensure Business Continuity/Recovery

• Evolve the Business Continuity Plan (BCP) and Disaster Recovery Plans (DRP);
• Define and supervise DRP tests;
• Ensure a cyber‑resilience strategy.

Awareness and Training

• Develop and maintain a strong security awareness program with measurable impact;
• Run regular internal (and when relevant, external) sessions to test and improve adherence to security policies and procedures.

What we’re looking for

• Proven experience leading Information Security programs in a high‑growth, product/tech‑driven environment - ideally in the banking & payment sector
• Experience managing combined IT & Security scopes is a plus;
• Team leadership: coaching, hiring, and developing talent; fostering a culture of security-by-design and continuous improvement;
• Excellent stakeholder management and communication skills; comfortable advising executives and collaborating across Engineering, Product, Data, Legal, and People;
• Strong knowledge of SOC2, ISO27001; hands‑on track record implementing controls and passing audits;
• Strong knowledge of cloud and systems architectures, databases, and applications.
• Knowledge of security tools and technologies (XDR, EDR, Security Operation center management, vulnerability management, phishing platform, etc.)
• Demonstrated capability in risk management, incident response, and threat‑informed decision‑making;
• Practical experience with vulnerability management, BCP/DRP;
• Fluency in English;

Hiring process

• Intro call with Talent
• Conversation with Hiring Manager (General Secretary)
• Business Case (with the Infosec team)
• Cross‑functional interviews (Legal, Internal Control, Compliance)
• Final conversation with our co-founder