Chief Information Security Officer at ALTERNATIVE LOANS EXPERIENCE TECHNOLOGIES IP – Luxembourg, Luxembourg
About This Position
As the Chief Information Security Officer at INFINIT, you will be the single point of contact for the Board and the CSSF on all ICT, security and operational resilience matters for our CSSF-licensed Payment Institution in Luxembourg. In a rapidly evolving regulatory environment (DORA, CSSF Circular 25/880 and PSD3 in progress), you will design and build a robust, proportionate IT and security governance framework from the ground up, suited to our size and risk profile.
The Group has a clear ambition to expand its services across Europe. As we will passport our licence and establish operations in new EU jurisdictions, this role will carry responsibilities beyond the CSSF perimeter including engagement with local regulators and compliance with jurisdiction-specific ICT and security requirements.
You will also operate within the Group’s existing infrastructure and technology team, coordinating closely with the Group IT function while building the PI’s own regulated governance framework.
In accordance with DORA and CSSF Circular 25/880, this role requires the formal designation of the appointee as the entity’s ICT Risk Management responsible before the CSSF. The incumbent must be able to represent the entity during on-site and remote supervisory reviews conducted by the CSSF.
Governance & DORA Compliance
Design and maintain the ICT risk management framework in line with DORA and CSSF Circular 25/880
Draft, implement and keep up to date information security policies and procedures
Build and maintain the ICT third-party register (cloud providers, software vendors, critical sub-contractors)
Prepare and deliver ICT reporting to the Board and the CSSF (incidents, KRIs, resilience test outcomes)
Lead digital operational resilience testing programmes (TLPT where applicable)
Anticipate and manage EU-level regulatory implications arising from the Group’s European expansion, including engagement with local regulators in passported jurisdictions and compliance with any additional ICT/security requirements they may impose
Define and oversee the AI security and AI risk management governance framework, ensuring alignment with the Group’s AI-first strategy and applicable regulatory requirements
Information Security (CISO)
Define and oversee the entity’s cybersecurity strategy and policy
Manage detection, response and notification of major ICT security incidents via the CSSF eDesk portal
Supervise access management, data protection and payment system security
Ensure PCI-DSS compliance and strong customer authentication requirements (SCA/PSD2)
Facilitate and coordinate internal audits, risk assessments, and penetration tests
IT Oversight (CIO)
Oversee IT infrastructure (primarily cloud-based), technical service providers and related contracts
Define the technology roadmap in alignment with business needs and regulatory requirements
Manage relationships with critical IT vendors and monitor SLA compliance
Lead cross-functional IT projects (migrations, integrations, payment platform evolutions)
Own and maintain Business Continuity and Disaster Recovery plans (BCP/DRP)
Coordinate with the Group IT function (existing infrastructure and technology team) to ensure alignment between the PI’s regulated IT/security requirements and Group-level systems, while building the PI’s own governance framework from the ground up
Leadership & Cross-functional
Raise security awareness and deliver training across the organisation
Collaborate closely with Compliance, Risk Management and Internal Audit
Act as the primary contact during CSSF on-site and remote inspections
Experience
Minimum 7 years in IT, including at least 3 years in a CISO or equivalent role
Master’s degree in Computer Science, Cybersecurity, Engineering or equivalent
Professional certifications valued: CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CRISC, CCSP
Mandatory experience in a regulated financial environment (bank, PSP, insurance, PSF)
Hands-on knowledge of DORA, PSD2 and CSSF requirements preferable
Proven experience with cloud environments (AWS, Azure, GCP) and payment architectures
Technical Skills
ICT risk management and security frameworks (ISO 27001, NIST, TIBER-EU)
API security and payment system security (SWIFT, SEPA, open banking)
Incident management, forensics, SOC oversight (in-house or MSSP)
Working knowledge of PCI-DSS requirements and SCA implementation
Fluent English and French required; Luxembourgish or German is a great plus
Ability to operate autonomously in a lean, growing organisation
Strong communication skills with Board members and non-technical stakeholders
Rigorous documentation discipline is essential for CSSF inspections
Pragmatic approach: ability to apply the DORA proportionality principle effectively
- Competitive Salary and Equity: We offer highly competitive salaries and a stake in our success with share options because we're building this together.
- Diverse and Inclusive Team: Join a dynamic and international team of more than 8 nationalities. You'll have the chance to work with experienced professionals from around the world, fostering a rich learning environment.
- Inspiring Mission: We are dedicated to revolutionizing business financing and making a positive impact on the European economy. Your work at INFINIT will have a lasting effect on businesses and communities.
- Health and Well-being: Your health matters to us. You will have access to top-quality Medical & Mental Health Insurance.
- Quality Time Together: We foster a sense of community with annual gatherings and bi-weekly office team gatherings. You're more than welcome to join us for quality time.
- Personal Time Off: Enjoy flexibility with your personal time off.
- Flexibility and Ownership: We trust our team and we are goal-oriented. Enjoy the flexibility of hybrid working 3 days a week in our Luxembourg office and 2 days at home.