Finst is one of the largest cryptocurrency platforms in The Netherlands and offers a unique combination of transparency, safety and the lowest fees in the market.
We are a mission-driven start-up led by the former core team of DEGIRO and backed by some of the most successful entrepreneurs and investors on the continent (DEGIRO co-founders, Deribit). We aim to become the largest and most-trusted regulated crypto-assets platform in Europe within 5 years.
We’re looking for a hands-on Information Security Officer to join our team and take full ownership of our second-line IT risk and information security function. You’ll be reporting directly to the Chief Compliance Officer and work closely with engineering, product, and platform teams to build, challenge, and improve our security and compliance posture in line with DORA, ISO 27001, GDPR, AI Act, EEA Act and other relevant regulations.
Own and operate our second-line information security risk and compliance program
Lead the setup and operation of our ISMS, aligned with ISO 27001 standards
Drive compliance efforts with DORA, GDPR, AI act, and other relevant regulations
Review and challenge first-line teams on IT security practices, policies, and controls to identify and mitigate risks early
Define and maintain the IT risk management framework using best practices (e.g., ISO 27005, NIST)
Maintain IT compliance documentation, policies, and processes across the organization
Schedule, manage, and support audits, both internal and external
Review new tools and vendors, assist in software approval and due diligence processes
Track incidents, non-conformities, and risks—and follow up with remediation plans
Act as an internal advisor on best practices in security and compliance.
Competitive salary (evolving with you) + annual bonus based on performance
Work with a tightly-knit and multi-cultural team of senior professionals – we strive to keep the talent density very high
Hybrid work model: work from our canal-side office in Amsterdam or from home
Ability to make a real impact on the security of a regulated fintech with fast decision-making and open environment, freedom, trust
MacBook or Windows setup of your choice, standing desks, and all the tools you need
25 paid holidays per year to reload + team drinks, off-sites, and startup energy
3–5 years of experience in information security, IT isk, or compliance
Solid knowledge of DORA, GDPR, and general information security principles
Hands-on experience with setting up or managing an ISMS (ISO 27001)
Technical background or experience working closely with cloud infrastructure, CI/CD, SDLC, IAM, or microservices
Strong understanding of risk management frameworks, controls, and compliance processes
A relevant certification (e.g., ISO 27001 LA/LI, CISA, CISSP, or similar) is a plus
Comfortable coordinating audits and managing compliance documentation
Excellent communication skills and a proactive, independent approach
Proactive, pragmatic, and able to work independently - you seek ownership, impact, and room to build
Then we can’t wait to talk to you! Please apply directly with your English resume or send it via email at join@finst.com and we will get back to you before you expect it!
For more information, visit www.finst.com.
Finst welcomes everyone and is an Equal Opportunity Employer. We embrace diversity and are committed to creating an inclusive environment for employees of all backgrounds and cultures.
