Chief Information Security Officer (CISO)

Yields.io

IT

Posted on Jun 22, 2026

How you'll make an impact

Client Engagement & Security Representation

  • Serve as Yields’ primary security contact in meetings with clients and prospects across pre-sales, onboarding, and periodic reviews.
  • Provide clear, authoritative explanations of our ISMS, compliance posture, and security controls to technical and non-technical audiences.
  • Support contract negotiations and due diligence processes from a security and risk perspective.

Questionnaire & RFP Management

  • Lead responses to security questionnaires, vendor risk assessments, and RFPs in alignment with ISO 27001 controls.
  • Coordinate inputs across Product, Engineering, and Customer Success to ensure accuracy and completeness.
  • Maintain and continuously improve a knowledge base of standard answers and supporting evidence.

ISMS Maintenance & Operations

  • Oversee core ISMS activities including access rights reviews, policy versioning, KPI tracking, and risk register management.
  • Ensure continuous compliance with ISO 27001:2022 and evolving regulatory requirements.
  • Coordinate management reviews and maintain audit-ready documentation.

Team & Cross-functional Leadership

  • Manage and mentor the internal security team (currently one Security Engineer), including defining a clear development path and growth trajectory for the role.
  • Coordinate with Engineering and Product on CVE management processes, secure development principles, and secure DevOps practices.
  • Advise the Customer Success team on security best practices.
  • Act as a mandatory stakeholder in change management processes across product, infrastructure, and vendor decisions.
  • Provide risk-based security recommendations and evaluate control adequacy for proposed changes.
  • Escalate high-impact risks to the appropriate C-level stakeholder.

Incident Management & Client Follow-Up

  • Lead investigation, coordination, and resolution of security incidents.
  • Ensure timely, structured, and compliant communication with affected clients.
  • Supervise root cause analysis, post-incident reviews, and risk treatment actions.

Security Awareness & Training

  • Design, deliver, and evaluate the company-wide information security awareness programme.
  • Monitor participation and training effectiveness; align content to evolving threats and compliance obligations.
  • Ensure role-specific training is current and appropriately targeted.

ISMS Leadership Responsibilities

As CISO, you hold overarching accountability for the ISMS, including:

  • Ensuring compliance with applicable local and global regulations (privacy, security, administrative).
  • Defining and disseminating information security policies, procedures, and guidelines.
  • Leading the organisation’s response to actual or suspected breaches in confidentiality, integrity, or availability.
  • Reporting to the Management Review and Executive Committee on security matters, on a regular and ad-hoc basis.
  • Advising on ISMS implementation requirements across the business.
  • Monitoring and measuring security processes, controls, and objectives.
  • Identifying, reviewing, and following up on information security risks.

What we're looking for

  • Proven experience in an information security leadership role, ideally within a regulated B2B SaaS industry (financial services, fintech, or SaaS).
  • Strong working knowledge of ISO 27001:2022 and experience maintaining and achieving certification.
  • Experience managing a security team.
  • Track record of representing security to enterprise clients, including during audits, due diligence, and RFP processes.
  • Comfortable operating across technical and executive audiences.
  • Familiarity with cloud and on-premise deployment environments; understanding of software development and infrastructure security.
  • Excellent written and verbal communication skills in English; French or Dutch is a plus.
  • Experience with EU regulatory frameworks (GDPR, DORA, NIS2, or similar) is advantageous.