Security Project Manager
Job description
Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)?
Are you looking for a work environment that values trust, proactivity, and autonomy?
Are our Engineering principles aligned with your vision?
Then Pennylane is the right place for you!
Our vision
We aim to become the most beloved financial Operating System of French SMEs and Accounting Firms (and soon, European ones).
We help entrepreneurs rid themselves of time-consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.
As we scale, we need to centralize security project management. As our first Security Project Manager, you'll report to the Head of Information and Security to lead strategic security initiatives across the company.
Your mission? Bridge the gap between technical security requirements and business operations. You'll embed security into every project while maintaining the agility we need to grow, working across all security teams and business units to make security an enabler, not a blocker.
The Responsibilities
Strategic Initiatives, Innovation & Roadmap Management
In this capacity, you will drive the department's forward-looking projects, ensuring Pennylane stays ahead of threats while leveraging new technologies for efficiency:
- Lead Global Security Projects: Orchestrate complex, transversal projects involving Security / IT (AppSec, IT, Compliance, Incident Management, Financial Security) and other departments to ease the alignment of business and technical needs.
- AI Governance & Innovation: Spearhead the Internal AI Governance framework, establishing policies for safe AI adoption across the company. Simultaneously, lead AI for Security projects to enhance threat detection and automation capabilities.
- Advanced Security Operations: Manage the evolution and optimization of the Security Operations Center (SOC) and Data Loss Prevention (DLP) strategies, ensuring these systems are robust, scalable, and integrated into the daily workflow.
- Cross-Departmental Collaboration: Act as the primary liaison for high-stakes collaborations with Engineering, Product, and Data teams. You will ensure Security is not a blocker but an enabler, defining mutual team agreements and roadmaps.
- Efficiency & Standardization: Identify bottlenecks in current security processes and propose innovative solutions to streamline operations, ensuring the department operates as a strategic partner rather than a utility provider.
Operational Enablement, Tooling Deployment & Change Management
In this capacity, you will focus on the practical application of security governance in other departments, ensuring that the deployment of tools and policies is smooth, accepted, and efficient:
- Deployment of Rights & Governance Tools: Lead projects to deploy Identity and Access Management (IAM) and governance tools across other departments (HR, Sales, Tech). You will ensure these tools provide the necessary oversight without hindering business velocity.
- Change Management & Culture: Drive the adoption of new security tools and processes. You will move beyond simple "training" to foster genuine engagement, helping teams understand the "why" behind security measures.
- Balancing Innovation & Control: Work directly with business leaders to implement "Right-Sized" security. You will translate the department's philosophy (minimizing impact but not to the point of zero impact) into actionable project plans that secure the mission for growth.
- Performance Monitoring: Define and track KPIs for security projects, ensuring that anti-fraud mechanisms and security-by-design features are delivered on time and within the agreed scope.
Requirements
- Professional Experience: 5+ years of experience in Project or Program Management, with at least 3 years dedicated to Information Security, IT Governance, or Risk Management projects.
- Industry Context: Proven experience in a SaaS, FinTech, or Scale-up environment is highly preferred. You understand the pace of a modern tech company and the criticality of financial data.
- Framework Familiarity: Demonstrated experience working within frameworks such as ISO/IEC 27001 or SOC2 (essential), DORA, or GDPR. You know how to translate these standards into actionable project tickets.
Technical & Operational Skills
- Project Management Mastery: You are an expert in tools like Jira, Notion, or Asana, capable of managing complex roadmaps across multiple teams (AppSec, IT, Compliance).
- Security Tech Fluency: You must understand the concepts and operations of SOC, DLP (Data Loss Prevention), and IAM (Identity Access Management). You are also very familiar with fast-paced development cycles involving product owners and developers in continuous deployment environments.
- Emerging Tech Governance: A strong interest in or prior exposure to AI Governance. You understand the risks associated with LLMs and generative AI in a corporate environment.
- Fluency in French and in English is required.
Soft Skills & Mindset
- Pragmatic Negotiator: You understand that managing risks means balancing business needs, risk appetite, and regulatory requirements. You can stand firm on non-negotiables while finding practical compromises on implementation details.
- Communication: Excellent ability to translate "Security Language" into "Business Value." You can explain to a Sales Director why a new authentication step is necessary without using jargon.
- Resilience: You are comfortable working in a high-stakes environment where priorities can shift due to incidents or external regulatory changes.
- To speak English (level is assessed and appreciated according to the department you're applying to)
- To be energized by an ever-shifting work environment
- To be highly collaborative (within your team or with other stakeholders)
- To be sufficiently experienced to prioritize business-led actions in your day-to-day activity
Benefits & conditions
What do we do to make your work life easier
Wherever you are based, you will get 25 vacation days paid by Pennylane
You'll have a competitive compensation package
You'll get company shares to enjoy a piece of the success story you're building with us
You'll have a budget to turn your home into a more comfortable workspace, as well as a monthly allowance to work from a coworking space whenever you feel like it