Information Security Operational Risk Manager

Spain

About us:

We believe the next generation of financial services will be powered by stablecoins.

Founded in 2021, our mission at BVNK is to accelerate global money movement.

We’re building stablecoin-native infrastructure so businesses can move value instantly across borders and networks. With global licenses and T1 bank partnerships, we facilitate billions in transactions for enterprise clients like Worldpay, Deel, LianLian Global, and Rapyd.

Our technology is transforming how businesses operate globally by eliminating payment delays, reducing costs, and unlocking trapped capital.

We’re a diverse team spread across EMEA, North America, and APAC, with a shared belief that stablecoins are the new infrastructure layer for financial services, and that BVNK is at the forefront of this shift.

In 2025, we secured strategic investment from Visa, following our $50 million Series B with Haun Ventures, Coinbase Ventures, Scribble Ventures, DRW Venture Capital, Avenir, and Tiger Global. With the backing of these leading investors, we’re accelerating our growth – and we're looking for smart, ambitious people to help us build the future of financial services.

We're incredibly honored to have made Newsweek's list of The Top 100 Global Most Loved Workplaces three years running (most recently in 2025) and to have been recognised by LinkedIn as one of the Top 20 Startups in the UK in 2024.

About this role in the team:

The Information Security Operational Risk Manager at BVNK is instrumental in establishing and maintaining a robust framework for managing operational risks related to information security. This involves identifying, assessing, and mitigating risks across business processes, technology platforms, third-party engagements, and regulatory compliance requirements. The Manager will collaborate across the organization, ensuring operational resilience and alignment with the overall risk appetite and security strategy.

Key Areas of Responsibilities:

Risk Identification and Assessment

• Develop and manage the information security operational risk register, ensuring accurate classification, measurement, and reporting of identified risks.
• Conduct regular operational ICT risk assessments across critical business processes, IT systems, and applications to identify control weaknesses and potential impact scenarios.
• Collaborate with business process owners to integrate ICT risk controls and ensure adherence to the 'three lines of defense' model.
• Integrate and monitor internal fraud controls specifically related to IT systems, processes, and privileged access, establishing necessary detection and prevention mechanisms.

Risk Mitigation and Control Management

• Design, implement, and monitor key risk indicators (KRIs) and key performance indicators (KPIs) for IT security controls and processes.
• Facilitate the control self-assessment process, verifying the existence and effectiveness of security controls across the organization.

Investigations, Policies, and Training

• Investigate and create comprehensive reports regarding fraud cases, security incidents, and privacy violations, ensuring timely follow-up on remediation measures.
• Conduct operational risk reviews of client processes and tools, presenting recommendations on identified security gaps and creating initiatives for fraud prevention.
• Develop new documents for Security Related Policies and update current policies.
• Create new documents for other departments related to Security or information security topics.
• Design and execute specialised training and projects, including yearly security awareness campaigns, mandatory specialized training (e.g., work-from-home security), and developing security projects like phishing simulations.

What we need from you:

• Bachelor’s degree in Business, Information Technology, Information Security, or a related field, or equivalent experience.
• 4+ years of experience in operational risk management, IT risk, IT audit, or information security governance roles.
• Professional certifications such as CRISC, CISSP, CISM, or similar are highly desirable.
• Demonstrated ability to develop, implement, and maintain an operational risk framework, ideally within an information security context.
• Strong understanding of security controls, governance, risk, and compliance (GRC) principles.
• Exceptional analytical and problem-solving skills, with a focus on translating technical risks into business context.
• Excellent collaboration and communication skills, capable of influencing stakeholders across technical and non-technical teams.
• Proficiency in utilising GRC tools and platforms for risk and control management.

What you can expect from us:

• Fair and competitive salary at every stage of your growth
• Meaningful ownership in the business through our employee option scheme
• Flexible working hours, with hybrid working at its heart
• A culture built on passionate, growth-minded people
• A flexible approach to holiday
• Opportunities to travel to our offices around the world
• An open and creative environment where you can help us define the future of BVNK, its culture, and its opportunity sets

At BVNK, we are focused on building a diverse and inclusive team. While you may not meet all of our requirements, we’d encourage you to apply if you meet the majority of our expectations. You may be a great fit for this role or another role in our team.