Information Security Manager

Lightspark is building open payments for the Internet—always-on payment solutions powered by Bitcoin, the only open, neutral network for moving value. With enterprise tools like Connect, UMA, and Spark, businesses can send and receive money instantly, securely, and at a fraction of the cost, anytime, anywhere. Lightspark is headquartered in Los Angeles, California, but serves the world.

This role sits within Striga, a Lightspark company, based in Tallinn, Estonia. Together, we're building Lightspark's European payments platform — connecting fiat and crypto rails to enable faster, more efficient money movement across borders

We're looking for a hands-on Information Security Manager to help establish and maintain our security and compliance framework in Europe, ensuring readiness for Estonian and EU regulatory requirements (e.g., DORA, ISO This role balances technical execution, ICT risk management, and regulatory governance—partnering closely with our Director of Risk, as well as U.S. and EU-based advisors, to build a scalable and compliant security posture.

You'll be both a builder and an operator—implementing controls, hardening systems, managing risk, and ensuring the company's security measures enable growth while meeting regulatory expectations.

WHAT YOU'LL BE DOING:

• Drive security strategy and governance: Develop, implement, and monitor a comprehensive information security and ICT risk management program aligned with DORA, ISO27001, and EU/Estonian requirements.

• Develop and maintain frameworks: Own the company's Information Security Management System (ISMS), ensuring all policies, controls, and documentation align with regulatory and business needs.

• Implement and operate security controls: Deploy and manage technical safeguards across cloud, on-prem, and application environments—covering vulnerability management, system hardening, and incident response.

• Collaborate across teams: Work closely with global engineering, risk, and compliance functions to ensure consistent application of security standards and processes across systems and services.

• Lead ICT risk management: Identify, assess, and manage ICT risks across business units, and provide actionable security insights for new technologies and initiatives.

• Engage with regulators and auditors: Serve as the main point of contact (or in coordination with control functions) for regulators, auditors, and external security assessors.

• Measure and report security posture: Regularly brief management and, where applicable, the Supervisory Board on key risks, compliance status, and improvement initiatives.

• Promote a culture of security: Drive employee awareness and training programs to foster security ownership and operational hygiene across the company.

WHAT WE ARE LOOKING FOR:

• 5+ years in information security operations or management with proven implementation of security and compliance programs. Experience in ICT risk management and oversight of technical security functions.

• Strong understanding of EU/Estonian frameworks, including DORA, ISO27001, SOC2, and GDPR. Experience supporting regulatory licensing or audit processes is a plus.

• Hands-on experience with cloud environments (AWS, Azure, GCP), secure configuration, vulnerability management, monitoring, and incident response. Familiarity with Linux/Windows hardening, networking, and scripting (e.g., Python, Bash).

• Higher education in a STEM or business-related field.

• Full working proficiency in English and Estonian.

• Proactive, structured, and detail-oriented leader with strong project management, communication, and collaboration skills.

• Experience preparing for regulatory inspections, working with ISO27001 audits, or partnering with fractional CISO/DPO roles. Certifications such as CISSP, CISM, ISO27001 Lead Implementer, or CIPP/E are beneficial.

Lightspark is on a mission to build an open payment protocol for the Internet at scale and therefore we're committed to creating a more inclusive and diverse workplace to reflect the customers we serve. We welcome interest from individuals of all backgrounds and levels of experience who share our mission. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other applicable legally protected characteristics.

We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the State of California Fair Chance Initiative for Hiring.