Senior Security Lead (Threat & Risk)

Hercle is a fast‑growing fintech building institutional‑grade infrastructure that bridges fiat, stablecoins, and digital assets, enabling cross‑border transactions at scale and in real time. Serving over 200 clients globally, Hercle provides banks, brokers, payment service providers, and fintechs with seamless solutions for cross‑border payments, trading, and treasury management.

Being a technology‑first fintech company, driven by young, passionate people, we value our employees as our greatest asset, giving them a lot of responsibility from the very start and all the support they need to make a difference and grow together with the company. Our flat structure fosters a culture of openness, inclusivity and collaboration, encouraging the sharing of ideas and knowledge across a wide range of top‑level expertise. Everyone at Hercle is a self‑starter, outstanding professional who owns his/her tasks and schedule. As a member of the team, you are in charge to achieve your goals and fulfill your mission with the added support, network and knowledge of everyone else. We look for people who thrive on deep personal growth motives, a passion for collaborating on new, cutting‑edge ideas, and are highly intelligent and adaptive in their own sphere of knowledge and expertise, to share a mutual benefit and passion in between all team members.

The Senior Security Lead (Threat & Risk) plays a crucial role in strengthening Hercle’s resilience to technology, cyber, and information security risks. You’ll operate as part of the second line of defense, giving independent challenge, direction, and oversight to how security and technology risks are managed in the first line in a way that fits a fast‑moving scale‑up, not a bank.

This is a hands‑on role. You’ll bring deep expertise in information security, technology risk, and cyber resilience, and you’ll use it to help shape how Hercle builds a stronger and more mature security capability. You’ll be involved across the spectrum – from threat intelligence and incident readiness to control design, cloud security, and security operations – supporting the evolution of the CISO function as we scale. You’ll work closely with engineering, product, and operations to identify risks early, understand how attackers think, and challenge teams constructively when something isn’t where it needs to be. Your goal is to help the first line build secure systems and processes without slowing the business down. A key part of your work will be leading the design and rollout of Hercle’s ICT & Security Risk Management Framework, making sure it reflects our business model, aligns with regulatory expectations where relevant, and follows modern industry practices – without unnecessary overhead. This role is a great fit for someone with a strong technical security background who enjoys balancing practical, hands‑on security work with the broader mindset required to operate effectively in the second line of defense.

• Work closely with the CISO and engineering leads to shape how we approach cybersecurity and technology risk in a fast‑moving environment.
• Help build, evolve, and maintain a security framework that actually works in real life – combining threat intelligence, hands‑on controls, and lightweight processes.
• Contribute to defining how much risk we’re comfortable taking, and help turn that into clear, simple metrics the business can understand and act on.
• Make sure key security and tech risks are surfaced, shared, and understood across teams without slowing anyone down.
• Keep governance practical and minimal, focusing on what helps us move faster and stay secure at the same time.

• Lead hands‑on assessments of systems, applications, and cloud services – focusing on what matters most.
• Partner with IT and Security teams to design and improve controls; act as a friendly challenger, not a blocker.
• Stay ahead of emerging threats and vulnerabilities, and translate them into real impact for our environment.
• Strengthen our incident response readiness by reviewing playbooks, testing scenarios, and embedding lessons learned.
• Run focused assurance checks to ensure our security controls work as expected and evolve as we scale.

• Work with product, engineering, and business teams to help them adopt new tech securely – cloud, AI, automation, new platforms, you name it.
• Partner closely with the CISO office to define and track meaningful security metrics and KRIs that support smart decision‑making.
• Drive simple, engaging training and awareness efforts that naturally lift our security culture without resorting to box‑ticking.

• You’re deeply comfortable in the worlds of InfoSec, Computer Science, Engineering, or Technology Risk – you’ve lived in these spaces, not just studied them.
• You’ve actually hunted threats and run penetration tests in real environments.
• You bring 3–6 years of hands‑on experience in areas such as Security Operations, Incident Response, Detection Engineering, Red Team/Offensive Security, or Cyber Threat Intelligence.
• You can investigate system, network, and application logs and spot attack patterns across the full kill chain.
• You’ve previously owned or strongly contributed to security or risk responsibilities – for example as an Information Security Officer, Cyber Risk Manager, or senior IT/Sec specialist.
• Bonus points if you’ve helped build or mature a CISO function, Security Operations capability, or broader security program.
• Extra nice: experience working in regulated or high‑stakes environments (fintech, telco, critical infrastructure, etc.).

• Strong hands‑on understanding of modern security tooling and cloud security, especially:
• AWS security services: GuardDuty, Security Hub, IAM, CloudTrail, WAF, KMS
• AWS Directory Services and Azure Entra
• SIEM platforms, IDS/IPS, firewalls, and endpoint protection tools
• Scripting: Python, Bash, or PowerShell
• Infrastructure as Code: Terraform or CloudFormation
• Nice to have: broader security domains – vuln management, network security, cloud/app security, endpoint security, data protection, IAM
• Cybersecurity frameworks: NIST CSF, ISO 27001, CIS Controls, COBIT
• Risk frameworks: ISO 31000, COSO ERM, Basel II/III
• Experience with incident response, threat intelligence, disaster recovery, and business continuity
• You’re comfortable using security assessment tools and can translate technical findings into clear, practical risk insights.

• CISSP, CISM, CRISC, CISA, or ISO 27001 Lead Implementer

• Clear, confident communication – able to work with engineers and non‑technical stakeholders alike.
• Strong analytical and problem‑solving mindset; able to connect technical risks to real business impact.
• High initiative, autonomy, and ownership – you’re effective in fast‑moving, less‑structured environments.
• Natural collaborator with a track record of driving cross‑team improvements.

• Competitive salary.
• Career and personal growth opportunities.
• The opportunity to shape risk management strategies in a fast‑growing scale‑up.
• Flexible working arrangements (remote/hybrid).
• Collaborative and forward‑thinking work environment.

If you’re interested, feel free to reach out and send us your CV!

By submitting this application, I confirm that all the information given by me in this application for employment and any additional documents attached are true to the best of my knowledge and that I have not wilfully suppressed any material fact. I confirm I have disclosed if applicable any previous employment with Hercle. I accept that if any of the information given by me in this application is in any way false or incorrect, my application may be rejected, any offer of employment may be withdrawn or my employment with Hercle may be terminated summarily or I may be dismissed. By submitting this application, I agree that my personal data will be processed in accordance with Hercle's Candidate Privacy Notice.