Head of Information Security

Cleverbridge is the smarter way to sell globally. As a premium Merchant of Record (MoR), we simplify global software sales by combining powerful platform capabilities — including payments, subscriptions, taxes, and compliance — with expert services that fuel growth across the entire customer lifecycle. From onboarding and implementation to ongoing optimization and strategic guidance, our team works as an extension of our clients', helping them remove friction, reduce risk, and expand into new markets with confidence.

About The Role

We are looking for an experienced Head of Information Security who will shape and lead our security strategy. In this role you report to the VP IT & Infrastructure and collaborate closely with Engineering, Legal, and Compliance teams.

This role offers the opportunity to further develop our Information Security function into a proactive, engineering‑aligned capability that supports secure software development (“secure by design”), ensures readiness for audits such as PCI‑DSS and SOC 2, and strengthens our resilience in an evolving threat landscape.

We are looking for a leader with strong technical credibility, a pragmatic mindset, and experience working in software‑driven environments.

Responsibilities

• Ownership and continuous improvement of Cleverbridge’s overall security posture, ensuring transparency of the security risk landscape through clearly defined and measurable KPIs.
• Definition and proactive evolution of the company’s information security strategy in alignment with business objectives and the evolving threat landscape. In close collaboration with Engineering, integration of security into software development (SDLC) and platform operations, promoting secure‑by‑design principles across the organization.
• Establishment of pragmatic security standards and guardrails, providing clear, risk‑based guidance to support prioritization of security initiatives and enable teams to implement secure solutions effectively.
• Preparation of the organization for regulatory and audit requirements such as PCI‑DSS and SOC 2 by translating compliance expectations into practical and scalable controls.
• Strengthening of capabilities for detecting and responding to security threats by promoting appropriate logging, monitoring, and alerting practices across applications and infrastructure.
• Evaluation and implementation of security technologies aligned with architecture and engineering workflows, including contributions to build‑versus‑buy decisions to ensure scalable and maintainable solutions.
• Acting as a trusted advisor by collaborating with internal stakeholders and representing Cleverbridge in security‑related interactions with customers, partners, and auditors when required.

What We’re Looking For

Professional Experience

• 7+ years of relevant professional experience in Information Security or closely related fields.
• Degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent knowledge gained through proven practical experience.
• Experience working with software development organizations, with a strong understanding of how modern applications and platforms are built and operated.
• Proven background in Information Security or Security Engineering roles, ideally within cloud‑based or SaaS environments.
• Familiarity with common security standards and frameworks such as PCI‑DSS and SOC 2, or comparable approaches.
• Experience in environments handling sensitive (payment‑related) data is a strong advantage.
• Exposure to emerging topics such as security considerations in AI‑enabled environments is a plus.
• Strong technical foundation supported by hands‑on experience.
• Solid understanding of modern application architectures, APIs, identity and access management concepts, and typical vulnerabilities affecting distributed systems.
• Ability to confidently discuss architecture decisions with engineering teams.
• Experience evaluating security tooling and approaches that integrate effectively into modern development workflows, including a clear understanding of how logging, monitoring, and detection capabilities contribute to improving security posture.

Leadership & Personal Skills

• Strong sense of ownership and accountability for outcomes, with a clear motivation to improve the organization’s security posture.
• Experience leading and developing small teams.
• Clear and effective communication skills across both technical and non‑technical stakeholders, with the ability to build trust across the organization.
• Fluency in English (written and spoken) is required; German is considered a plus.
• Structured and transparent working style with a focus on measurable progress. A team‑oriented mindset that fosters constructive dialogue and promotes a culture where security is understood as a shared responsibility.