Responsibilities
- Develop and sustain an ICT risk management framework compliant with DORA and CSSF Circular 25/880
- Create, enforce, and regularly update information security policies and operational procedures
- Establish and manage a register of third-party ICT providers, including cloud services and critical vendors
- Produce and submit ICT-related reports to executive leadership and the CSSF, covering incidents, key risk indicators, and resilience testing results
- Lead operational resilience testing initiatives, including threat-led penetration testing where applicable
- Monitor and address regulatory impacts from European expansion, including coordination with local authorities in passported jurisdictions
- Design and supervise a governance model for AI security and risk, aligned with strategic objectives and regulatory expectations
- Formulate and guide the organization’s cybersecurity strategy and policy direction
- Manage the identification, response, and regulatory reporting of significant ICT security events via the CSSF eDesk system
- Oversee controls related to access management, data privacy, and payment infrastructure security
- Ensure adherence to PCI-DSS standards and strong customer authentication mandates under PSD2
- Coordinate internal audits, risk evaluations, and penetration testing activities
- Supervise cloud-centric IT infrastructure, technical service providers, and associated contractual agreements
- Develop a technology roadmap that supports business goals and meets regulatory obligations
- Manage relationships with key IT vendors and ensure service level agreements are met
- Lead cross-departmental technology initiatives such as system migrations, integrations, and payment platform enhancements
- Maintain and test Business Continuity and Disaster Recovery plans
- Collaborate with the parent organization’s IT team to align Group systems with the entity’s regulatory requirements while establishing independent governance
- Deliver security awareness programs and training across the organization
- Work closely with Compliance, Risk, and Internal Audit functions
- Serve as the main point of contact during CSSF inspections, both on-site and remote
Compensation
- Competitive Salary and Equity: We offer highly competitive salaries and a stake in our success with share options because we're building this together.
- Diverse and Inclusive Team: Join a dynamic and international team of more than 8 nationalities. You'll have the chance to work with experienced professionals from around the world, fostering a rich learning environment.
- Inspiring Mission: We are dedicated to revolutionizing business financing and making a positive impact on the European economy. Your work at INFINIT will have a lasting effect on businesses and communities.
- Health and Well-being: Your health matters to us. You will have access to top-quality Medical & Mental Health Insurance.
- Quality Time Together: We foster a sense of community with annual gatherings and bi-weekly office team gatherings. You're more than welcome to join us for quality time.
- Personal Time Off: Enjoy flexibility with your personal time off.
- Flexibility and Ownership: We trust our team and we are goal-oriented. Enjoy the flexibility of hybrid working 3 days a week in our Luxembourg office and 2 days at home.
Work Arrangement
Hybrid
Team
Coordinate closely with the Group IT function (existing infrastructure and technology team)
What about us?
Launched in 2023, the company is a fast-growing fintech scale-up operating in multiple countries across Europe and the Americas. It is on a mission to reshape the future of SMEs with AI at the forefront. Its all-in-one operating system, built around banking, enables small business owners and their teams to manage and optimize all aspects of their business using AI agents. By focusing on specific industries, it delivers tailored, high-value solutions while developing innovative AI products to unlock growth opportunities for customers. The company operates globally and aims to expand further to redefine the fintech landscape for SMEs worldwide.
Diversity & Inclusion
The company fosters an inclusive culture that values equity and diverse perspectives. It is an equal opportunity employer and considers all qualified applicants without regard to race, colour, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other legally protected characteristics.
Other
- Fluent English and French required
- Luxembourgish or German is a great plus
- Ability to operate autonomously in a lean, growing organisation
- Strong communication skills with Board members and non-technical stakeholders
- Rigorous documentation discipline is essential for CSSF inspections
- Pragmatic approach: ability to apply the DORA proportionality principle effectively
- Must be formally designated as the entity’s ICT Risk Management responsible before the CSSF
- Must be able to represent the entity during on-site and remote supervisory reviews conducted by the CSSF