• Keep the DORA and ISO-27001-aligned ISMS and enterprise risk register current; record new risks and update mitigation actions.
• Run the Business Impact Analysis and keep the BCM & Disaster Recovery Plan (DRP) current; organise tabletop and fail-over tests and report RTO/RPO gaps.
• Coordinate the managed SIEM/SOC service: validate detection rules, response playbooks and SLAs; arrange purple-team drills.
• Review cloud architectures, CI/CD pipelines before deployment to ensure controls are embedded and tested.
• Develop and track concise KRIs/KPIs for identity, data protection, infrastructure resilience and incident response; present dashboards to management and the board.
• Drive the full third-party & outsourcing-risk lifecycle (due diligence, contract clauses, ongoing monitoring) for cloud providers and other critical vendors.
• Monitor regulatory updates (EBA ICT/Security Guidelines, DORA, MiCAR, GDPR); translate them into control requirements and prepare evidence packs for supervisors and auditors.
• Lead security-awareness activities (Lunch-&-Learn sessions, phishing simulations) to foster a risk-aware culture across business and engineering teams.

Required qualifications, Capabilities And Skills

• Proven experience: 7+ years in information security, technology-risk or IT audit within a regulated FinTech, bank or SaaS; ≥ 3 years performing formal risk oversight or control testing.
• Regulatory fluency: You have hands-on experience with one or more supervisory framework (EBA ICT/Security Guidelines, DORA, BaFin, FINMA, CSSF) plus ISO 27001, DORA, GDPR
• Security-domain breadth: You can move confidently across the whole security landscape, from policy writing and risk/control assessments to access management, incident governance, vulnerability oversight, third-party risk and data-protection matters.
• Analytical & soft skills: You can turn complex technical findings into business-impact language and back your arguments with clear data.
• Crypto-key management: You are comfortable in handling certificates, keys and hardware security modules without needing to be a cryptography researcher.
• Communication skills: You know to explain risk clearly to both developers and executives; fluent in English and capable in German.
• Certification: Holding at least one major credential (CISSP, CISM, CISA, CRISC, CCSP or ISO 27001 Lead Implementer/Auditor).

Preferred qualifications, Capabilities And Skills

• Hands-on exposure to BCM / DRP activities such as BIA facilitation, tabletop-exercise design or ISO 22301 training.  
• Digital-asset custody or blockchain-analytics know-how (Fireblocks, MPC/HSM, Elliptic).
• Cloud-native security insights — container hardening, IAM (SAML / OIDC), CI/CD security checks.
• Experience with managed SIEM/SOAR, threat-hunting or red/purple-team engagements.
• Advanced certifications such as GIAC, OSCP, CCSK, or experience running red/purple-team or bug-bounty programmes.

• A high-impact role shaping Celsion’s security posture at licence-go-live and beyond
• Short decision paths and the freedom to implement modern, automated security solutions
• Collaborative, growth-oriented culture with significant professional-development opportunities
• Competitive compensation package, including training budget and the chance to work at the forefront of digital-asset finance

Celsion Finance is a pioneering force in the digital-assets space, blending traditional financial services with innovative crypto solutions. As a trusted partner for professional clients, corporates and financial intermediaries, we are committed to setting new standards for the digital age. Headquartered in Vaduz, we are in the final stages of obtaining a Liechtenstein banking licence and are scaling rapidly.

Please apply for this exciting opportunity by sending your application to jobs@celsion-finance.com.