Head of Security

Head of Security/ Security Manager/ Senior Security Engineer 
Seniority: Senior/ Principal level 
Location: Warsaw, Poland 
Contract type: Full-time, UOP
Work Environment: Remote 

At Evooq, we are building an ecosystem of solutions that combine data, technology, and investment expertise. Finance professionals use our platform to quickly identify investment opportunities, make informed decisions, and manage risk across the entire investment lifecycle. We operate through highly autonomous teams built on a culture of trust and responsibility.

Now, we’re expanding by launching a new tech hub in Warsaw, which will act as a direct extension of our core engineering teams in Lausanne, Zurich, and Singapore. 

We are looking for a Head of Security (or a senior security leader ready to step into their first Head role) with strong engineering and technical security expertise to build and lead our security program. Reporting to the CTO, you will own the security of our SaaS platform, infrastructure, and corporate environment, while also enabling enterprise sales through an efficient, automated approach to compliance and customer trust. 

This role is ideal for someone who has deep hands-on experience in cloud and application security, plus exposure to compliance and governance, and is motivated to step up and lead. We value a builder’s mindset and the ability to grow with us more than long résumés or rigid opinions. 

You will be hands-on with cloud and application security, incident response, and detection, while also shaping how we approach governance and compliance. A key responsibility will be to automate as much as possible the GRC workflows (evidence collection, audit prep, questionnaire responses) so the company stays audit ready without adding bureaucracy.

Technical Security Leadership

• Drive security across our SaaS platform and cloud infrastructure (AWS).
• Partner with Engineering to embed secure coding practices, automated scanning, and CI/CD security controls.
• Oversee vulnerability management, penetration testing, and incident response processes. 
• Define and monitor security metrics, detections, and logging to ensure visibility and resilience.

Security Program & Automation

• Own the company-wide security roadmap, aligning technical and business priorities.
• Lead risk management: identify, assess, and mitigate key risks.
• Build or adopt tooling to automate compliance evidence collection, security questionnaires, and audit reporting.
• Define and enforce access controls, identity management (SSO, MFA), and endpoint security in
• partnership with IT.

Compliance & Customer Trust

• Maintain compliance with ISO 27001, GDPR and other relevant standards.
• Lead external audits and security certifications, using automation to minimize manual effort.
• Streamline responses to enterprise customer security reviews and RFPs.

Leadership & Growth

• Grow into leading a lean security team as the function expands.
• Manage relationships with external vendors and consultants (pen-testing, compliance support).
• Promote a culture of security awareness across the company.

Qualifications

• 5+ years in information security with a strong background in cloud and application security.
• Hands-on experience with AWS security, modern DevOps practices, and SDLC security.
• Proven ability to design and implement security tooling and automation.
• Familiarity with ISO 27001, GDPR or similar frameworks, ideally with an emphasis on automation.
• Comfortable representing security in customer conversations and enterprise due diligence.
• Strong communication skills: able to translate technical risks into business impact.
• Experience mentoring or guiding others; formal management experience a plus but not required.

Nice to Have

• Startup or scale-up SaaS experience.
• Prior success with automation.
• Certifications such as CISSP, CISM, or cloud security certs (AWS).

Evooq is a global provider of technology-driven solutions for wealth and asset managers. We aim to radically simplify the investment process and make investments more accessible and more understandable for professional investors and their clients.

Our clients include some of the world’s largest banks, as well as wealth management companies and pension funds across Europe and Asia.

We are headquartered in Lausanne and have offices in Zurich, Geneva, Fribourg and Singapore.