VP Information Security & IT

Paddle
Summary
Join Paddle as the VP of Information Security & IT and assume overarching responsibility for Paddle's global security posture and internal IT capabilities. Reporting to the CTO, you will collaborate with the management team to build and manage world-class security controls, providing a reliable and effective security foundation for customers, shareholders, and business operations. This role demands a blend of strong security technology understanding and management responsibilities encompassing policy, risk assessment, and organizational education. You will provide operational and strategic leadership while also contributing practically to incremental improvements. The ideal candidate is an experienced security professional with a pragmatic approach and a proven track record of success.
Requirements
- Proven senior leadership in Information Security (e.g., current CISO, VP InfoSec, or strong deputy)
- Experience running security in a technology-led environment; ownership of security in a platform/cloud setup preferred
- Previously established centralised visibility into security risks with trackable metrics
- Implemented frameworks such as ISO/IEC 27001, SOC2, ITIL, COBIT, NIST, and compliance with standards like GDPR
- Matured an Application Security function in a CI/CD environment, focusing on automation and scalability
- Defined clear methodology for assessing and managing third-party security risk
- Ability to earn internal trust, navigate complexity, and collaborate effectively across functions
- Excellent presentation and communication skills
- Experience with cloud platforms such as AWS, Azure, and Google Cloud
Responsibilities
- Represent Information Security and IT internally and externally at Paddle, feeding into company strategy through our extended leadership team
- Instil a "security-first" mindset across the entire company—from the C-suite to junior staff
- Recruit, lead, and mentor high-performing teams across Information Security and IT, fostering a culture of accountability, agility, and trust
- Oversee the delivery of strategic Security and IT projects, ensuring alignment with organisational goals and available resources. Manage the entire project lifecycle, from defining scopes to monitoring progress
- Design and deliver a security strategy and roadmap that facilitates the organisation’s growth plans through the use of leading-edge technology and talented employees
- Develop and mature security programs that encompass security incident response, threat detection, and vulnerability management
- Champion a zero trust security model, including modern identity and access management practices
- Develop, maintain, and recommend approval of Paddle’s Information Security policy and control framework
- Collaborate with engineering leaders to drive a culture of secure coding through threat modelling, automated testing and adoption of application security best practices
- Improve security tooling and processes while scaling the team to support future product development. Focus on automation and tool maturity to increase effectiveness in security engineering
- Partner with legal and data teams to ensure robust data governance, protection, and privacy practices across jurisdictions
- Collaborate with the People & Talent Training Function to deliver comprehensive security training and awareness programs for employees across the business that drive engagement and deliver outcomes effectively
- Ensure that we maintain our SOC2 and PCI compliance, and lead the acquisition of any additional accreditations as necessary to support the broader business strategy
- Oversee IT operations, ensuring reliable and secure internal systems, SaaS tools and smooth onboarding/offboarding processes
- Drive our internal identity and access management strategy to ensure the proper access controls are in place across tools and systems
- Proactively manage our relationship and contract negotiations with third-party SaaS vendors, ensuring procurement, seat usage, and deduplication of tools are managed effectively and practically
- Own the IT budget and allocate resources for various projects and operational needs. Evaluate costs and seek opportunities to optimise spending
Preferred Qualifications
- Bachelor's in Computer Science, Information Security, or related field desirable, or equivalent experience
- CISSP, CISM and CCSP are desirable
- The ability to balance a strong theoretical understanding with a bias to action: a willingness to be pragmatic, roll up your sleeves, and get into the practical details to drive delivery in support of the organisation
Benefits
- Attractive salaries
- Stock options
- Retirement plans
- Private healthcare
- Well-being initiatives
- Unlimited holidays
- Enhanced parental leave
- Annual learning fund
- Regular internal and external training

