Head of Operational Risk & Information Security - Finland (m/f/d)

Pliant

IT
Helsinki, Finland
Posted on Nov 11, 2025

ABOUT US

Pliant is a European fintech specializing in B2B payment solutions. Our modular, API-first platform helps businesses streamline spending, improve cash flow, and integrate payments into their financial workflows. Designed for industries with complex payment needs, such as travel and fleet, Pliant enables greater efficiency, control, and profitability.

We serve two primary customer segments:

  • Companies looking to optimize operational processes through intuitive apps and APIs, gaining control, automation, and financial flexibility through extended credit lines.
  • Businesses such as financial software platforms, ERP providers, and banks that want to launch or enhance their credit card offerings using Pliant’s embedded finance and white-label solutions.

Founded in 2020 and headquartered in Berlin, Pliant supports over 4,000 businesses and more than 20 partners globally. As a licensed e-money institution (EMI), we issue Visa-powered credit cards in 11 currencies across more than 30 countries, helping companies streamline and simplify payments.

Learn more at www.getpliant.com

ABOUT THE ROLE

The Head of Operational Risk & Information Security (m/f/d), based at Pliant Oy — the group’s regulated Electronic Money Institution (EMI) — is responsible for establishing, maintaining, and continuously enhancing Pliant’s frameworks for Operational Risk, ICT Risk, and Information Security.

This role ensures that Pliant’s risk and security practices comply with EBA, DORA, and PSD2 requirements and international standards such as ISO 27001, SOC 2, and PCI DSS. While positioned within Pliant Oy’s second line of defence, the role provides group-wide oversight and coordination across all Pliant entities.

The Head leads a small team of operational risk and information security specialists, ensuring robust governance, operational resilience, and protection of Pliant’s systems and data. The role also acts as the primary point of contact for regulators, auditors, and partners on operational risk and information security matters.

WHAT YOU’LL DO

1. Governance, Framework & Leadership

  • Lead the development and continuous improvement of Pliant’s Operational Risk and Information Security Frameworks, ensuring compliance with EBA, DORA, and PSD2 requirements.
  • Maintain governance, control, and reporting structures aligned with Pliant Oy’s EMI obligations and group-wide needs.
  • Act as the 2nd Line of Defence lead, providing independent oversight, assurance, and challenge across all entities.
  • Manage and mentor a team of risk and IT security specialists, fostering collaboration and accountability.
  • Advise senior management, the Risk Committee, and the Board on operational resilience and ICT/security risk.

2. Risk Oversight & Incident Management

  • Own the enterprise-wide incident management framework covering ICT and non-ICT incidents.
  • Maintain a consistent incident classification, escalation, and reporting structure across jurisdictions.
  • Lead post-incident reviews and root cause analyses, ensuring lessons learned are implemented.
  • Ensure compliance with major incident notification obligations under PSD2 and DORA.

3. Information Security Governance

  • Maintain and enhance Pliant’s Information Security Management System (ISMS) in accordance with ISO 27001, SOC 2, and PCI DSS.
  • Develop and enforce information security policies and controls that support business goals and regulatory requirements.
  • Oversee cyber incident detection, analysis, and response, coordinating with Technology and Operations.
  • Maintain and test incident recovery and response plans, ensuring alignment with DORA requirements.

4. Business Continuity & Operational Resilience

  • Coordinate Business Continuity Management (BCM) across the group.
  • Conduct and maintain Business Impact Analyses (BIAs), ensuring continuity and disaster recovery plans are tested and up to date.
  • Ensure technical recovery objectives (RTO/RPO) meet business and regulatory standards.
  • Collaborate with IT and Operations to ensure comprehensive operational resilience.

5. Third-Party & Outsourcing Risk

  • Oversee the outsourcing and third-party risk management framework in line with EBA Guidelines on Outsourcing Arrangements.
  • Oversee due diligence and ongoing monitoring of critical outsourcing and cloud providers.
  • Ensure contractual security and risk provisions are embedded in supplier agreements.

6. Regulatory Engagement & Assurance

  • Serve as the primary point of contact for operational risk and information security matters with FIN-FSA.
  • Represent Pliant Oy and the Pliant Group during regulatory reviews, external audits, and certification processes.
  • Support compliance readiness for PSD2, DORA, SOC 2, and ISO 27001.
  • Track audit findings and ensure timely remediation of issues.

7. Training & Awareness

  • Promote a strong risk and security culture throughout the organization.
  • Deliver training on cyber hygiene, risk identification, incident management, and continuity procedures.
  • Encourage proactive ownership of risk and continuous improvement across teams.

WHAT YOU’LL BRING

  • Bachelor’s or Master’s degree in Information Security, Risk Management, Computer Science, or a related discipline.
  • 5+ years of experience in operational risk, ICT risk, or information security management, ideally within financial services, fintech, or EMI.
  • Demonstrated experience implementing or managing ISO 27001, SOC 2, and PCI DSS frameworks.
  • Strong knowledge of EBA, DORA, and PSD2 operational and ICT risk requirements.
  • Proven ability to lead a small team and engage effectively across Technology, Operations, and Compliance functions.
  • Excellent communication, stakeholder management, and presentation skills at all levels.

NICE TO HAVE

  • Professional certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.
  • Working knowledge of Finnish and/or additional European languages.

WHAT WE OFFER

  • The opportunity to work in a growing team with big responsibilities that thrives on a strong exchange of knowledge and excellence
  • Attractive remuneration
  • Flat hierarchy and transparent communication in a relaxed, professional atmosphere
  • Opportunity to develop your talent in a dynamic team with ambitious goals
  • Flexibility and possibility to work remotely
  • Company card with a monthly allowance for lunches, coffee, etc. with co-workers

At Pliant, we believe diversity and inclusion are essential to building not only an innovative product but also an exceptional experience for both our customers and our team. This commitment begins with our hiring process—we welcome individuals of all racial and ethnic backgrounds, religions, national origins, gender identities or expressions, sexual orientations, ages, marital statuses, and abilities. If you require accommodations or accessibility support during the interview process, please let us know in your application so we can make sure your experience is seamless.