Information Security Senior Risk Officer

Triple-A is a global payment institution licensed in the United States, Europe, and Singapore, enabling businesses worldwide to pay and get paid in both local and digital currencies.

We empower businesses to reach over 560M digital currency owners, boost revenue, and optimise costs through stablecoin and cryptocurrency payments, while eliminating volatility, custody, and compliance risks. Our commitment is to build a more efficient, inclusive global payment ecosystem by bridging the gap between local and digital currencies.

Registered with the United States Financial Crimes Enforcement Network (FinCEN), licensed by the Monetary Authority of Singapore (MAS), and Banque de France's ACPR in Europe, Triple-A is trusted by over 20,000 businesses worldwide to make global crypto payments simple, secure, and cost-effective. We are a dynamic and passionate team building towards a more efficient global payment ecosystem. We actively bridge the gaps in cross-border payments, between traditional & digital currencies, and Web2 and Web3.

Triple-A is seeking a highly experienced and strategic Chief Information Security Officer (CISO) to lead our information security vision, strategy, and operations for France and the wider European Union. You will be responsible for establishing and maintaining a robust security posture, ensuring compliance with local and EU regulations (particularly ACPR and GDPR), and safeguarding our assets, data, and reputation in a dynamic and rapidly evolving fintech landscape.

Develop, implement, and monitor a comprehensive information security and risk management strategy and program specifically tailored for Triple-A's French and EU operations, while ensuring alignment with the global cybersecurity framework.

Serve as the primary point of contact for all cybersecurity matters related to French and EU regulations. Ensure full compliance with ACPR requirements, GDPR, and other relevant data protection and cybersecurity directives (e.g., Identify, evaluate, and mitigate information security risks across French / EU operations. Conduct regular risk assessments, vulnerability assessments, penetration testing, and business impact analyses.

Develop and maintain an effective incident response plan for French / EU operations.

Develop, implement, and enforce information security policies, standards, procedures, and guidelines in accordance with French / EU regulations and global company policies.

Provide expert guidance on the security design and architecture of new and existing systems, applications, and infrastructure deployed or utilized within the French / EU context, particularly concerning payment gateways and crypto-asset security.

Awareness & Training :

Develop and promote a culture of security awareness within Triple-A France through training programs and ongoing communication.

Work closely with the global cybersecurity team in Singapore, local IT, legal, compliance, and business units in France. Provide regular reports on the regional security posture, risks, and compliance status to local management and the Global Head of Cybersecurity.

Assess and manage information security risks associated with third-party vendors and partners operating within the French / EU scope.

Budget Management :

Develop and manage the cybersecurity budget for French operations, ensuring optimal allocation of resources.

Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.

Minimum of 5+ years of experience in information security, with at least 2 years in a senior leadership role (e.g., CISO, Head of Security, Senior Security Manager).

In-depth knowledge of French and EU cybersecurity and data protection regulations, including ACPR specific requirements for payment institutions, GDPR, and ideally familiarity with DORA, NIS2.

Strong understanding of security domains including network security, application security, cloud security (AWS, Azure, GCP), cryptography, identity and access management, incident response, and disaster recovery.

Fluency in French and English (both written and spoken) is mandatory.

A unique opportunity to shape the cybersecurity landscape of a rapidly growing global leader in the cryptocurrency payments space.

A key strategic role with significant impact on our French and European operations.