Junior Information Security Associate, Vienna

Your mission As an Information Security Senior Associate, you will drive key parts of our governance, risk, and compliance (GRC) program in a regulated fintech environment. You’ll own recurring GRC processes end‑to‑end (such as evidence cycles, control testing, risk workflows), partner with control owners across the business, and help keep us continuously audit‑ready. You’re hands‑on, independent, and able to translate requirements into practical controls, while knowing when to escape and when to simplify.

What you’ll do

Governance&control framework ownership : Own and maintain parts of the ISMS; ensure policies/standards are implemented in a measurable way; support security‑by‑design governance for new initiatives.

Assurance&audit execution : Plan and run audit readiness activities (ISO 27001/SOC 2/internal audit/regulatory requests): timelines, evidence plans, stakeholder coordination; review evidence for quality (period coverage, completeness, traceability), challenge gaps, and drive remediation with control owners; draft clear, consistent responses to auditors and internal stakeholders; maintain an action plan and verify closure.

Risk management : Facilitate risk assessments for systems/projects/vendors with appropriate depth; document outcomes and treatment plans; maintain the risk register quality; identify systemic themes (repeat findings, control weakness patterns) and propose improvements to reduce residual risk.

Third‑party risk&compliance enablement : Lead parts of third‑party risk management: due diligence reviews, tracking remediation commitments, and supporting security contractual requirements; partner with Procurement/Legal/Business owners to ensure proportionate security requirements for vendors (especially critical service providers).

Control testing&continuous improvement : Execute control design/operating effectiveness testing for a defined control set; document results and recommend improvements; produce GRC reporting and metrics for leadership (audit status, overdue actions, risk trends, control health indicators); improve GRC workflows through templates, playbooks, automation, and tooling (where applicable).

Who you are

You’re proactive and ownership‑driven: you don’t wait to be told what’s missing; you spot gaps and fix them.

You can balance rigor with pragmatism, applying controls proportionate to risk and business criticality.

You write clearly and persuasively, especially when documenting controls, risks, and audit responses.

You’re comfortable challenging constructively; asking “show me” and improving evidence and control quality without being obstructive.

You’re collaborative and calm under deadline pressure (audits, regulator requests, and escalations).

What’s in it for you

Flexibility to work where you thrive

– Enjoy the freedom of our Hybrid working model, combining onsite collaboration and remote work, with an additional 25 days per year to work from a city or country of your choice.

Reward for your impact

– Receive a competitive total compensation package aligned with Bitpanda’s pay‑for‑impact policy, including participation in our stock option plan.

Support for your mental wellbeing

– Access confidential coaching, counselling, and mental health resources whenever you need them through OpenUP.

Time to recharge

– Take extra time off to rest, reset, and recharge, with 3 additional days off in 2026 to prioritise your wellbeing.

Continuous learning and growth

– Grow your skills and stay ahead in your career with unlimited access to Udemy’s library of online courses at your own pace.

Exclusive perks and rewards

– Enjoy discounts, rewards, and perks from partners worldwide across lifestyle, wellness, tech, and travel.

Support during life milestones

– Take advantage of our additional 8 weeks of gender‑neutral new parent leave to welcome and bond with your new addition to the family.

Fuel and focus on‑site

– Pandas in Vienna, Bucharest, Barcelona, and Berlin can enjoy free onsite dining, with freshly prepared lunches and snacks to keep you fueled and focused all day long.

Recognition for your contributions

– Celebrate milestones and achievements with recognition and rewards for your Tenure at Bitpanda.

Show your Bitpanda pride

– Access exclusive Bitpanda‑branded merchandise and gear to represent.

Connect and celebrate with your team

– Join unforgettable company events, from our Winter Party in Vienna to gatherings worldwide, fostering fun, connection, and celebration.

…and even more location‑specific benefits designed to make life at Bitpanda even more rewarding wherever you are.

Above all, you will have the opportunity to learn and grow as part of Bitpanda’s incredible journey towards becoming Europe’s future #1 investment platform.

Bitpanda is committed to fostering a fair and equal environment based on trust and mutual respect. We believe that a diverse and inclusive workplace is paramount to our success and we are committed to building a team that represents a wide variety of backgrounds, perspectives, and skills.

These benefits may be adjusted at Bitpanda’s discretion and do not apply to our internships; exceptions to our Hybrid Working policy apply to teams with shift schedules or for folks whose roles require them to be in‑office (think: Workplaces team or IT).

#J-18808-Ljbffr