Full-time

Light is hiring an InfoSec & Cybersecurity Lead

About the Role

Light is seeking an InfoSec & Cybersecurity Lead to define the strategy, architecture, and governance of security across our platform, infrastructure, and internal systems. You will be a core voice in risk decisions and compliance, balancing strategic thinking with hands-on execution to secure our high-growth environment.

What You'll Do

  • Develop the security strategy, maturity roadmap, and key metrics.
  • Lead security compliance programs (SOC 2, ISO 27001, PCI DSS, GDPR) and audits using Vanta, and manage third-party and vendor risk.
  • Review system designs, threat-model new features, secure integrations, and embed security into CI/CD pipelines.
  • Establish and maintain incident response plans, run simulations, and lead real-world incident triage and remediation.
  • Drive a security-first mindset through training, awareness, and role-based access controls.
  • Evaluate and ensure the security of vendors, cloud infrastructure, access controls, and network segmentation.

What We're Looking For

  • 5-7 years’ experience in information security or cybersecurity roles, preferably in fintech, SaaS, or payments.
  • Proven experience owning security in a fast-moving, high-growth environment.
  • Deep technical expertise: cloud (AWS, GCP, Azure), network and application security, identity & access, encryption, and threat modelling.
  • Hands-on in vulnerability management, penetration test oversight, secure code review, and incident response.
  • Familiarity with compliance on financial systems: SOC 2, ISO 27001, PCI, GDPR, etc.
  • Excellent risk judgment and ability to balance security with business velocity.
  • Strong communication skills — able to influence non-technical stakeholders and train engineers.
  • Experience leading or scaling a small security team or managing security partnerships.

Nice to Have

  • Prior experience in fintech, financial software, or payments.
  • Certifications such as CISSP, CISM, OSCP, CRISC, or equivalent.
  • Experience with specific regulatory standards (e.g. PCI, PSD2, ISO 27001).
  • Experience in embedding DevSecOps practices and platform security.

Technical Stack

  • AWS, GCP, Azure, Vanta

Benefits & Compensation

  • Competitive salary + stock options in our fast-growing startup.
  • Paid parental leave.
  • 25 days of annual leave + public holidays (in your country).
  • Regular socials and company off-sites.
  • A huge opportunity to shape a market-defining product and engineering culture.

Light is an equal opportunity employer.

Required Skills
  • AWS, GCP, Azure, Vanta, Compliance Frameworks, Risk Management, Security Architecture, Incident Response, Security Policies, Threat Modeling, Cloud Security, IAM, SIEM, Audit Management
About company
Light

Light exists to replace factory-era ERPs with software that feels alive. Our Smart Financial Platform gives modern, global companies superpowers—automated accounting, real-time reporting, and financial flows that move at the speed of the business.

Job Details
Category security
Posted 4 months ago