Pennylane

Security Project Manager

Paris / All France (remote) Full Time
Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)?
Are you looking for a work environment that values trust, proactivity, and autonomy?
Are our Engineering principles aligned with your vision?
Then Pennylane is the right place for you!

Our vision
We aim to become the most beloved financial Operating System of French SMEs and Accounting Firms (and soon, European ones).
We help entrepreneurs rid themselves of time-consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.

About us
Pennylane is one of the fastest-growing Fintechs in France (and soon to be in Europe!).

In 5 years of existence, we’ve managed to:
💻 Make ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants
💰 Raise a total of €225 million, including from Sequoia, the famous Silicon Valley fund that invested early in companies like Google, Facebook, Airbnb, Stripe, Paypal and many more
👨‍👩‍👧‍👦 Grow from 7 cofounders to 900 happy Pennylaners: we’re now recognized as one of the greatest places to work in France (and also remotely), with a 4.6/5 rating on Glassdoor.
🌍 Build an international environment with more than 25 nationalities, with a strong remote-friendly culture, where 30% of the employees are already working from all parts of Europe
🤝 Earn the trust of thousands of customers and accounting firms and obtain outstanding ratings
🚀 Already more than 700,000 small and medium-sized enterprises (SMEs) and over 5000 accounting firms use Pennylane in France!

About Security / IT at Pennylane
At Pennylane, we handle sensitive customer data daily (accounting, banking, personal information). Security isn't just a checkbox—it's at the core of everything we build.
Our Security / IT department is built on six core principles: strict ISO 27001 compliance, robust data protection, rigorous access control, GDPR compliance, continuous training, and operational resilience.

The Team You'll Join
You'll be part of a multidisciplinary Security / IT department with five specialized teams: AppSec, IT, Security Compliance, Incident Management, and Financial Security.

We operate across 4 strategic pillars:
- Product Security: Security-by-design and anti-fraud mechanisms
- Governance: ISO 27001 and DORA audits, global access control
- Culture: Building security awareness across the company
- Collaboration: Balancing security with business growth

The Role
As we scale, we need to centralize security project management. As our first Security Project Manager, you'll report to the Head of Information and Security to lead strategic security initiatives across the company.
Your mission? Bridge the gap between technical security requirements and business operations. You'll embed security into every project while maintaining the agility we need to grow, working across all security teams and business units to make security an enabler, not a blocker.

🎯 The Responsibilities

Strategic Initiatives, Innovation & Roadmap Management
In this capacity, you will drive the department's forward-looking projects, ensuring Pennylane stays ahead of threats while leveraging new technologies for efficiency:
- Lead Global Security Initiatives: Orchestrate complex, transversal projects involving all five teams (AppSec, IT, Compliance, Incident Mgmt, Financial Security) to ensure the department’s roadmap is executed effectively.
- AI Governance & Innovation: Spearhead the Internal AI Governance framework, establishing policies for safe AI adoption across the company. Simultaneously, lead AI for Security projects to enhance threat detection and automation capabilities.
- Advanced Security Operations: Manage the evolution and optimization of the Security Operations Center (SOC) and Data Loss Prevention (DLP) strategies, ensuring these systems are robust, scalable, and integrated into the daily workflow.
- Cross-Departmental Collaboration: Act as the primary liaison for high-stakes collaborations with Engineering, Product, and Data teams. You will ensure Security is not a blocker but an enabler, defining mutual team agreements and roadmaps.
- Efficiency & Standardization: Identify bottlenecks in current security processes and propose innovative solutions to streamline operations, ensuring the department operates as a strategic partner rather than a utility provider.

Operational Enablement, Tooling Deployment & Change Management
In this capacity, you will focus on the practical application of security governance in other departments, ensuring that the deployment of tools and policies is smooth, accepted, and efficient:
- Deployment of Rights & Governance Tools: Lead projects to deploy Identity and Access Management (IAM) and governance tools across other departments (HR, Sales, Tech). You will ensure these tools provide the necessary oversight without hindering business velocity.
- Change Management & Culture: Drive the adoption of new security tools and processes. You will move beyond simple "training" to foster genuine engagement, helping teams understand the "why" behind security measures.
- Balancing Innovation & Control: Work directly with business leaders to implement "Right-Sized" security. You will translate the department's philosophy (minimizing impact but not to the point of zero impact) into actionable project plans that secure the mission for growth.
- Performance Monitoring: Define and track KPIs for security projects, ensuring that anti-fraud mechanisms and security-by-design features are delivered on time and within the agreed scope.


🥇 You are the ideal candidate if:

Experience & Background
- Professional Experience: 5+ years of experience in Project or Program Management, with at least 3 years dedicated to Information Security, IT Governance, or Risk Management projects.
- Industry Context: Proven experience in a SaaS, FinTech, or Scale-up environment is highly preferred. You understand the pace of a modern tech company and the criticality of financial data.
- Framework Familiarity: Demonstrated experience working within frameworks such as ISO/IEC 27001 or SOC2 (essential), DORA, or GDPR. You know how to translate these standards into actionable project tickets.

Technical & Operational Skills
- Project Management Mastery: You are an expert in tools like Jira, Notion, or Asana, capable of managing complex roadmaps across multiple teams (AppSec, IT, Compliance).
- Security Tech Fluency: You must understand the concepts and operations of a SOC, DLP (Data Loss Prevention), and IAM (Identity and Access Management). You are also very familiar with fast-paced development cycles involving product owners and developers in continuous deployment environments.
- Emerging Tech Governance: A strong interest in or prior exposure to AI Governance. You understand the risks associated with LLMs and generative AI in a corporate environment.
- Fluency in French 🇫🇷 and in English 🇬🇧 is required

Soft Skills & Mindset
- Pragmatic Negotiator: You align with the philosophy that security is not about "zero risk" but "managed risk." You can stand your ground on non-negotiables while finding compromises on implementation details.
- Communication: Excellent ability to translate "Security Language" into "Business Value." You can explain to a Sales Director why a new authentication step is necessary without using jargon.
- Resilience: You are comfortable working in a high-stakes environment where priorities can shift due to incidents or external regulatory changes.