Security Project Manager

Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)? Are you looking for a work environment that values trust, proactivity, and autonomy? Are our Engineering principles aligned with your vision? Then Pennylane is the right place for you
Our vision We aim to become the most beloved financial Operating System of French SMEs and Accounting Firms (and soon, European ones). We help entrepreneurs rid themselves of time-consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.
About us Pennylane is one of the fastest growing Fintechs in France (and soon to be in Europe)
In 5 years of existence, we've managed to : Make ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants Raise a total of €225 millions, including from Sequoia, the famous fund from the Silicon Valley who invested early in companies like Google, Facebook, Airbnb, Stripe, Paypal and much more... Grow from 7 cofounders to 900 happy Pennylaners : we're now recognized as one of the greatest places to work in France (and also remotely), with a 4.6/5 rating on Glassdoor. Build an international environment with more than 25 nationalities, with a strong remote-friendly culture, where 30% of the employees are already working from all parts of Europe Earn the trust of thousands of customers and accounting firms and obtain outstanding ratings  Already more than 700,000 small and medium-sized enterprises (SMEs) and over 5000 accounting firms use Pennylane in France
About Security / IT at Pennylane At Pennylane, we handle sensitive customer data daily (accounting, banking, personal information). Security isn't just a checkbox—it's at the core of everything we build. Our Security / IT department is built on six core principles: strict ISO 27001 compliance, robust data protection, rigorous access control, GDPR compliance, continuous training, and operational resilience.
The Team You'll Join You'll be part of a multidisciplinary Security / IT department with five specialized teams: AppSec, IT, Security Compliance, Incident Management, and Financial Security.
We operate across 4 strategic pillars: - Product Security: Security-by-design and anti-fraud mechanisms - Governance: ISO 27001 and DORA audits, global access control - Culture: Building security awareness across the company - Collaboration: Balancing security with business growth
The Role As we scale, we need to centralize security project management. As our first Security Project Manager, you'll report to the Head of Information and Security to lead strategic security initiatives across the company. Your mission? Bridge the gap between technical security requirements and business operations. You'll embed security into every project while maintaining the agility we need to grow, working across all security teams and business units to make security an enabler, not a blocker.
The Responsibilities
Strategic Initiatives, Innovation & Roadmap Management In this capacity, you will drive the department's forward-looking projects, ensuring Pennylane stays ahead of threats while leveraging new technologies for efficiency : - Lead Global Security Projects: Orchestrate complex, transversal projects involving Security / IT (AppSec, IT, Compliance, Incident Management, Financial Security) and other departments to ease all business / technical needs alignments. - AI Governance & Innovation: Spearhead the Internal AI Governance framework, establishing policies for safe AI adoption across the company. Simultaneously, lead AI for Security projects to enhance threat detection and automation capabilities. - Advanced Security Operations: Manage the evolution and optimization of the Security Operations Center (SOC) and Data Loss Prevention (DLP) strategies, ensuring these systems are robust, scalable, and integrated into the daily workflow. - Cross-Departmental Collaboration: Act as the primary liaison for high-stakes collaborations with Engineering, Product, and Data teams. You will ensure Security is not a blocker but an enabler, defining mutual team agreements and roadmaps. - Efficiency & Standardization: Identify bottlenecks in current security processes and propose innovative solutions to streamline operations, ensuring the department operates as a strategic partner rather than a utility provider.
Operational Enablement, Tooling Deployment & Change Management In this capacity, you will focus on the practical application of security governance in other departments, ensuring that the deployment of tools and policies is smooth, accepted, and efficient : Deployment of Rights & Governance Tools: Lead projects to deploy Identity and Access Management (IAM) and governance tools across other departments (HR, Sales, Tech). You will ensure these tools provide the necessary oversight without hindering business velocity. Change Management & Culture: Drive the adoption of new security tools and processes. You will move beyond simple "training" to foster genuine engagement, helping teams understand the "why" behind security measures. Balancing Innovation & Control: Work directly with business leaders to implement "Right-Sized" security. You will translate the department's philosophy (minimizing impact but not to the point of zero impact) into actionable project plans that secure the mission for growth. Performance Monitoring: Define and track KPIs for security projects, ensuring that the implementation of anti-fraud mechanisms and security-by-design features are delivered on time and within the agreed scope.

You are the ideal candidate if:
Experience & Background - Professional Experience: 5+ years of experience in Project or Program Management, with at least 3 years dedicated to Information Security, IT Governance, or Risk Management projects. - Industry Context: Proven experience in a SaaS, FinTech, or Scale-up environment is highly preferred. You understand the pace of a modern tech company and the criticality of financial data. - Framework Familiarity: Demonstrated experience working within frameworks such as ISO/IEC 27001 or SOC2 (essential), DORA, or GDPR. You know how to translate these standards into actionable project tickets.
Technical & Operational Skills - Project Management Mastery: You are an expert in tools like Jira, Notion, or Asana, capable of managing complex roadmaps across multiple teams (AppSec, IT, Compliance). - Security Tech Fluency: You must understand concepts and ops of SOC operations, DLP (Data Loss Prevention), and IAM (Identity Access Management). You are also very familiar with development cycles involving product owners and developers in continuous deployment environments at a fast pace. - Emerging Tech Governance: A strong interest in or prior exposure to AI Governance. You understand the risks associated with LLMs and generative AI in a corporate environment - Fluency in French and in English is required
Soft Skills & Mindset - Pragmatic Negotiator: You understand that managing risks means balancing business needs, risk appetite, and regulatory requirements. You can stand firm on non-negotiables while finding practical compromises on implementation details. - Communication: Excellent ability to translate "Security Language" into "Business Value." You can explain to a Sales Director why a new authentication step is necessary without using jargon. - Resilience: You are comfortable working in a high-stakes environment where priorities can shift due to incidents or external regulatory changes. What do we do to make your work life easier
 Wherever you are based, you will get 25 vacations days paid by Pennylane You'll have a competitive compensation package You'll get company shares to enjoy a piece of the success story you're building with us You'll have a budget to turn your home into a more comfortable workspace, as well as a monthly allowance to work from a coworking space whenever you feel like it  Through our partner Gymlib, you'll have access to 8000 fitness spaces in Europe and more than 300 activities related to wellness You'll have access to Busuu to perfect your English or your French You'll get the latest Apple equipment Depending on the teams and the requirements of the position - you'll be able to work remotely from your country of residence, as long as it is in Europe and within a maximum time difference of two hours from the CET time zone We are committed to regularly coming together for company events such as Tech Days (which bring remote Pennylaners together every 3 months) or our annual company seminar, fostering significant moments of cohesion for everyone.
If you are based in France, you will have a French contract following French regulation on top of the additional perks : 6 to 12 RTT, 5 weeks PTOs, lunch credits (Swile), Alan Blue healthcare cover and regular events in cities where Pennylaners are mostly presents (Lyon, Bordeaux, Nantes…) We're working on providing those last advantages to our people based outside of France as well, but it can be quite more complex depending on different countries.
Who are we looking for ? To thrive at Pennylane, you need : -To speak English (level is assessed and appreciated according to the department you're applying to) -To be energized by an ever-shifting work environment -To be highly collaborative (within your team or other stakeholders) -Sufficiently experienced to prioritize business-led actions on your day to day activity
We know that some people are less likely to apply than others, if they don't feel like they meet the full list of criteria. If you're hesitating, we encourage you to apply : who knows, it might be the start of a meaningful and long-lasting collaboration.
We also want to emphasize that we fully embrace diversity, equity and inclusion and that we're doing our best to create a safe and inclusive environment. We are committed to providing an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are. If anything, diversity makes us a more fun place to work at. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

---