Security Project Manager

Are you looking to have an impact on the daily life of millions of entrepreneurs in France (and tomorrow in Europe)? Are you looking for a work environment that values trust, proactivity, and autonomy? Are our Engineering principles aligned with your vision? Then Pennylane is the right place for you!

Our vision

We aim to become the most beloved financial Operating System of French SMEs and Accounting Firms (and soon, European ones). We help entrepreneurs rid themselves of time‑consuming tasks related to accounting and finance while providing them with access to key financial information to assist in making the best decisions for their business.

About Us

Pennylane is one of the fastest growing Fintechs in France (and soon to be in Europe!). In five years of existence, we have:

• Made ourselves known as a groundbreaking accounting and financial software for small businesses and their accountants
• Raised a total of €400 million, including from Sequoia, the famous Silicon Valley fund that invested early in companies like Google, Facebook, Airbnb, Stripe, PayPal and many more
• Grown from 7 co‑founders to 1000 happy Pennylaners – we’re now recognised as one of the greatest places to work in France (and also remotely), with a 4.6/5 rating on Glassdoor
• Built an international environment with more than 25 nationalities, a strong remote‑friendly culture, and 30% of the employees already working from all parts of Europe
• Earned the trust of thousands of customers and accounting firms and obtained outstanding ratings
• Reached more than 900 000 small and medium‑size enterprises (SMEs) and over 6 000 accounting firms using Pennylane in France

About Security / IT at Pennylane

At Pennylane, we handle sensitive customer data daily (accounting, banking, personal information). Security isn’t just a checkbox—it’s at the core of everything we build.

Our Security / IT department is built on six core principles: strict ISO 27001 compliance, robust data protection, rigorous access control, GDPR compliance, continuous training, and operational resilience.

The Team You’ll Join

You’ll be part of a multidisciplinary Security / IT department with five specialised teams: AppSec, IT, Security Compliance, Incident Management, and Financial Security.

We operate across four strategic pillars:

• Product Security: security‑by‑design and anti‑fraud mechanisms
• Governance: ISO 27001 and DORA audits, global access control
• Culture: building security awareness across the company
• Collaboration: balancing security with business growth

The Role

As we scale, we need to centralise security project management. As our first Security Project Manager , you will report to the Head of Information and Security and lead strategic security initiatives across the company.

Your mission? Bridge the gap between technical security requirements and business operations. You will embed security into every project while maintaining the agility we need to grow, working across all security teams and business units to make security an enabler, not a blocker.

Strategic Initiatives, Innovation & Roadmap Management

• Lead Global Security Projects: orchestrate complex, transversal projects involving Security / IT (AppSec, IT, Compliance, Incident Management, Financial Security) and other departments to align all business and technical needs.
• AI Governance & Innovation: spearhead the Internal AI Governance framework, establishing policies for safe AI adoption across the company. Simultaneously, lead AI for Security projects to enhance threat detection and automation capabilities.
• Advanced Security Operations: manage the evolution and optimisation of the Security Operations Centre (SOC) and Data Loss Prevention (DLP) strategies, ensuring these systems are robust, scalable, and integrated into the daily workflow.
• Cross‑Departmental Collaboration: act as the primary liaison for high‑stakes collaborations with Engineering, Product, and Data teams, defining mutual agreements and roadmaps.
• Efficiency & Standardisation: identify bottlenecks in current security processes and propose innovative solutions to streamline operations, ensuring the department operates as a strategic partner rather than a utility provider.

Operational Enablement, Tooling Deployment & Change Management

In this capacity, you will focus on the practical application of security governance in other departments, ensuring that the deployment of tools and policies is smooth, accepted, and efficient.

• Deployment of Rights & Governance Tools : lead projects to deploy Identity and Access Management (IAM) and governance tools across other departments (HR, Sales, Tech). You will ensure these tools provide the necessary oversight without hindering business velocity.
• Change Management & Culture : drive the adoption of new security tools and processes. You will move beyond simple training to foster genuine engagement, helping teams understand the "why" behind security measures.
• Balancing Innovation & Control : work directly with business leaders to implement "Right‑Sized" security. You will translate the department's philosophy (minimising impact but not to the point of zero impact) into actionable project plans that secure the mission for growth.
• Performance Monitoring : define and track KPIs for security projects, ensuring that the implementation of anti‑fraud mechanisms and security‑by‑design features are delivered on time and within the agreed scope.

You Are the Ideal Candidate If

Experience & Background

• Professional Experience: 5+ years in Project or Program Management, with at least 3 years dedicated to Information Security, IT Governance, or Risk Management projects.
• Industry Context: proven experience in a SaaS, FinTech, or scale‑up environment is highly preferred. You understand the pace of a modern tech company and the criticality of financial data.
• Framework Familiarity: demonstrated experience working within frameworks such as ISO/IEC 27001 or SOC 2 (essential), DORA, or GDPR. You know how to translate these standards into actionable project tickets.

Technical & Operational Skills

• Project Management Mastery: expert in tools like Jira, Notion, or Asana, capable of managing complex roadmaps across multiple teams (AppSec, IT, Compliance).
• Security Tech Fluency: must understand concepts and ops of SOC operations, DLP (Data Loss Prevention), and IAM (Identity Access Management). Familiar with development cycles involving product owners and developers in continuous deployment environments at a fast pace.
• Emerging Tech Governance: strong interest in or prior exposure to AI Governance. Understands the risks associated with LLMs and generative AI in a corporate environment.
• Fluency in French and in English is required.

Soft Skills & Mindset

• Pragmatic Negotiator: understands that managing risks means balancing business needs, risk appetite, and regulatory requirements, standing firm on non‑negotiables while finding practical compromises.
• Communication: excellent ability to translate "Security Language" into "Business Value," explaining to a Sales Director why a new authentication step is necessary without jargon.
• Resilience: comfortable working in a high‑stakes environment where priorities can shift due to incidents or external regulatory changes.

What We Do to Make Your Work Life Easier

• 25 vacation days paid by Pennylane, wherever you are based.
• Competitive compensation package.
• Company shares to share in our success story.
• Budget to turn your home into a more comfortable workspace, plus monthly allowance for coworking spaces.
• Access to 8 000 fitness spaces in Europe and more than 300 wellness activities through our partner Gymlib.
• Opportunity to perfect your English or French with Busuu.
• Latest Apple equipment.
• Remote work from your country of residence within Europe, as long as the time difference from CET is no more than two hours.
• Regular company events such as Tech Days (every 3 months) and an annual seminar to foster cohesion.

If you’re based in France, you will have a French contract, 6–12 RTT, 5 weeks PTO, lunch credits (Swile), Alan Blue healthcare cover, and regular events in cities where Pennylaner presence is strong (Lyon, Bordeaux, Nantes…). We are working to extend similar advantages to people based outside France, but this depends on country‑specific regulations.

Who Are We Looking For?

• Proficient in English (level assessed according to the department you’re applying to).
• Energised by an ever‑shifting work environment.
• Highly collaborative within your team or with other stakeholders.
• Experienced enough to prioritise business‑led actions day‑to‑day.

We know that some people may feel they don’t meet the full list of criteria. If you’re hesitating, we encourage you to apply – who knows, it might be the start of a meaningful and long‑lasting collaboration.

Important Information for Candidates

Recruitment scam attempts are on the rise. We invite you to remain vigilant during exchanges.

Applications through official channels only: apply exclusively through our job postings on our official career site and partner pages.

Always verify the sender’s email address: our communications are sent from professional addresses with the domains @pennylane.com or @pennylane‑partners.com.

We will never ask you for payment or financial information (bank details, payment for an interview, equipment purchases, etc.) as part of the recruitment process. If such a request is made to you, it is fraudulent – do not respond and report it to us immediately.

We fully embrace diversity, equity and inclusion and are committed to creating a safe and inclusive environment.

We provide an equal employment opportunity regardless of gender, sexual orientation, origin, disabilities, or any other traits that make you who you are.