Finst is one of the largest regulated cryptocurrency platforms in The Netherlands and offers a unique combination of transparency, maximum safety and ultra-low fees.
We are a mission-driven start-up led by the former core team of DEGIRO and backed by some of the most successful entrepreneurs and investors on the continent (DEGIRO co-founders, Deribit, Endeit). We aim to become the largest and most-trusted regulated crypto-assets platform in Europe within 5 years.
We’re looking for a hands-on Information Security Officer to join our team and take full ownership of our second-line IT risk and information security function. You’ll be reporting directly to the Chief Compliance Officer and work closely with engineering, product, and platform teams to build, challenge, and improve our security and compliance posture in line with DORA, ISO 27001, GDPR, AI Act, EEA Act and other relevant regulations.
Own and operate our second-line information security risk and compliance program
Lead the setup and operation of our ISMS, aligned with ISO 27001 standards
Drive compliance efforts with DORA, GDPR, AI act, and other relevant regulations
Review and challenge first-line teams on IT security practices, policies, and controls to identify and mitigate risks early
Define and maintain the IT risk management framework using best practices (e.g., ISO 27005, NIST)
Maintain IT compliance documentation, policies, and processes across the organization
Schedule, manage, and support audits, both internal and external
Review new tools and vendors, assist in software approval and due diligence processes
Track incidents, non-conformities, and risks—and follow up with remediation plans
Act as an internal advisor on best practices in security and compliance.
Great skills come with great benefits – we offer competitive fixed remuneration (evolving with you) + bonus scheme
Our top employees get rewarded with shares incentive plan – we want you to own it
Work with a tightly-knit and multi-cultural team of senior professionals – we strive to keep the talent density very high
Fast decision-making and open environment, freedom, trust, and the opportunity to make a unique impact
Work from a very cool office in the heart of Amsterdam
25 paid holidays per year to reload
Get the tech you need: MacBook, Windows, standing desks – you name it
Flexibility: although we like and encourage being together in the office, it ultimately doesn’t matter where and when you work, as long as you get it done
No office politics – we’re too busy changing the crypto industry
Monthly team drinks and yearly company off-sites – work hard, play harder
At least 3–5 years of experience in information security, IT risk, or compliance
Solid knowledge of DORA, GDPR, and general information security principles
Hands-on experience with setting up or managing an ISMS (ISO 27001)
Technical background or experience working closely with cloud infrastructure, CI/CD, SDLC, IAM, or microservices
Strong understanding of risk management frameworks, controls, and compliance processes
A relevant certification (e.g., ISO 27001 LA/LI, CISA, CISSP, or similar) is a plus
Comfortable coordinating audits and managing compliance documentation
Excellent communication skills and a proactive, independent approach
Proactive, pragmatic, and able to work independently - you seek ownership, impact, and room to build
Then we can’t wait to talk to you! Please apply directly with your English resume and we will get back to you before you expect it!
For more information, visit www.finst.com.
Finst welcomes everyone and is an Equal Opportunity Employer. We embrace diversity and are committed to creating an inclusive environment for employees of all backgrounds and cultures.
Finst does not accept resumes from staffing, search, or recruitment agencies without a signed agreement. If you send us a resume without such an agreement, we may contact the candidate directly without any obligation whatsoever and no fee of any kind will be paid should we hire the candidate.
