Chief Information Security Officer (CISO)

Amsterdam

At Aspire, we’re more than just a FinTech company—we’re the leading all-in-one financial operating system built to empower the world’s innovators and entrepreneurs. We are on a mission to reinvent business finance, empowering startups and businesses to realise their full potential.

Founded in 2018, Aspire has raised over USD 300M across equity and debt from world-class investors. In 2023, we successfully closed an oversubscribed USD 100 million Series C equity round led by Sequoia Capital and Lightspeed Ventures, with participation from Tencent, PayPal Ventures, LGT Capital Partners, Picus Capital and MassMutual Ventures. To power our solutions, we have partnered with some of the best companies in the world, such as Visa and Wise, and empowered more than 50,000 businesses using our suite of products.

Aspire has consistently been recognized for excellence, earning Best Employer and Startup of the Year by the Asia FinTech Awards in 2022 and 2023, ranked as LinkedIn’s Top Startup in Singapore, and listed on CB Insights’ Top 100 Global Fintech in 2023 and 2024.

You will be amazed by the energy and experience of our team! Aspire serves as an environment for you to innovate and drive change with our team of ex-entrepreneurs, ex-founders, and high-achievers with international and diverse backgrounds.

Are you a top talent who is passionate about entrepreneurship? Join our rapidly growing team to make an impact in the fintech space! 

About the team: 

At Aspire, we understand the importance of maintaining a strong culture of compliance to protect our organization and ensure the trust of our customers. Our Compliance Team is at the forefront of identifying and addressing regulatory risks, implementing controls, and ensuring that our policies and procedures align with regulatory requirements. This allows Aspire to stay ahead of evolving regulations, proactively identifying potential risks and developing comprehensive risk mitigation strategies, hence contributing to our long-term success. 

About the role: 

We are seeking a Chief Information Security Officer (CISO) to oversee the organization’s IT Governance, Risk Management, and Compliance (GRC) framework, supporting Aspire’s alignment with DORA (Digital Operational Resilience Act), GDPR (General Data Protection Regulation), and other relevant local regulatory requirements. This role will be responsible for the independent oversight of IT risk management, cybersecurity, and data protection compliance, providing subject matter advisory to business and senior management while maintaining a strong governance structure.

Key Responsibilities:

IT Governance, Risk & Compliance (GRC) Oversight

  • Develop and oversee IT governance, risk management, and compliance policies aligned with DORA, GDPR, and local regulatory requirements.
  • Monitor and assess IT-related risks, identifying mitigation strategies and control gaps.
  • Provide independent reporting of IT risks, incidents, and compliance gaps to senior management and the Board.
  • Ensure IT risk and security frameworks adhere to DNB (De Nederlandsche Bank) EMI licensing requirements and global regulatory standards.

Cybersecurity & Operational Resilience (DORA Compliance)

  • Oversee the cyber resilience strategy, ensuring compliance with DORA’s ICT risk management, incident reporting, and operational resilience requirements.
  • Monitor and evaluate the organization’s third-party ICT risk exposure, ensuring robust vendor and outsourcing risk management practices.
  • Lead cyber incident response and recovery planning, including tabletop exercises and penetration testing.
  • Oversee the enterprise vulnerability management program, including vulnerability disclosure and bug bounty initiatives.
  • Manage cybersecurity awareness training programs, including email phishing simulations.

IT Risk Control & Monitoring

  • Establish and maintain the IT Risk Control Framework, ensuring effective monitoring and testing of controls.
  • Conduct independent IT risk assessments and ensure effective remediation plans are in place.
  • Support internal and external IT audits, ensuring audit readiness for regulatory assessments.

Privacy & Data Protection Compliance (GDPR & DORA Alignment)

  • Lead the implementation of the privacy and data protection compliance program across all jurisdictions.
  • Develop and oversee the data governance framework, ensuring full compliance with GDPR, DORA, and local regulations.
  • Serve as the primary escalation point for privacy-related inquiries and regulatory investigations, engaging with DNB and local data protection authorities as required.
  • Ensure secure data handling in IT operations, third-party engagements, and cross-border data transfers.

Stakeholder Engagement & Advisory

  • Act as a trusted advisor to senior management, IT leadership, and business units on IT compliance, cybersecurity, and data protection.
  • Partner with first-line IT teams to provide oversight, challenge decisions, and drive compliance improvements.
  • Work cross-functionally with Legal, Compliance, and Risk teams to align policies and practices with regulatory requirements.

Minimum qualifications: 

  • Bachelor’s or Master’s Degree in Information Security, Cybersecurity, Computer Science, Law, Risk Management, or a related field.
  • Proven experience in IT compliance, cybersecurity, or risk management within a regulated financial institution or fintech.
  • In-depth knowledge of DORA, GDPR, NIS2, and other ICT risk management regulations applicable to the Netherlands.
  • Experience in IT governance, cyber risk management, and third-party/vendor risk oversight.
  • Strong understanding of IT control frameworks (e.g. ISO 27001, NIST, COBIT, CIS Controls).
  • Experience working in a 2nd Line of Defense function, providing independent oversight of IT risk.
  • Ability to communicate effectively with technical and non-technical stakeholders, regulators, and board members.

Preferred qualifications:

  • Relevant certifications in IT governance, risk, and compliance, such as:
    • CISM (Certified Information Security Manager)
    • CISSP (Certified Information Systems Security Professional)
    • CRISC (Certified in Risk and Information Systems Control)
    • CISA (Certified Information Systems Auditor)
    • CDPSE (Certified Data Privacy Solutions Engineer)
    • ISO 27001 Lead Implementer / Auditor 

What we offer

  • Uncapped flexible annual leave.
  • Hybrid work arrangement. 
  • Training subsidy for your professional growth.
  • Wellness benefit.
  • Team bonding budget to foster collaboration and sense of belonging.
  • Flexibility to work from anywhere (for up to 90 days per annum).
  • Culture is key: we always strive to cultivate a special culture that brings special talents together. You can learn more about our culture on our careers site and LinkedIn Life page.

Equal Opportunity Statement 

Aspire is an equal opportunity employer and is committed to providing equal employment opportunities to all qualified individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected characteristic as outlined by applicable laws. 

Please note: by submitting your application, you acknowledge that you have read and understood Aspire’s Data Protection Policy for Employees, Freelancers, Contractors and Job Applicants (the “Policy”), and consent to the collection, use and disclosure of your personal data by Aspire for the purposes set out in the Policy. You may withdraw consent for such collection, use and disclosure, and make an access or correction request in respect of your personal data, in accordance with the Policy by emailing people@aspireapp.com
