Information Security Officer (CISO)

About the role

Valletta Finance Group is a mid-sized financial services and fintech employer with regional operations in Malta and the EU. As the appointed CISO you will own information security strategy, governance and incident management, ensuring resilience across cloud, on-premises and third-party services.

You will lead a small security team and work closely with IT, legal, compliance and executive stakeholders to translate business priorities into practical security controls. The role combines strategic planning, hands-on technical oversight and board-level reporting — ideal for a seasoned leader who can operate across technical and commercial domains.

This is a hybrid position based in central Valletta with competitive compensation, a performance bonus and opportunities to shape security architecture and maturity across an expanding fintech/finance group. The role offers exposure to international compliance standards (ISO 27001, GDPR) and the chance to establish policy, training and incident response frameworks from a leadership position.

About Valletta Finance Group

Valletta Finance Group is a Malta-based finance and fintech group providing payment, treasury and corporate finance services to European and international clients. The group combines regulated financial services with in-house technology teams and external partners to deliver scalable solutions.

What you can expect

• Hybrid work model with central Valletta office
• Competitive salary and annual performance bonus
• Professional training budget and support for certifications
• Clear progression into executive and board-level security roles

Key responsibilities

• Define and execute the group-wide information security strategy, aligning with business objectives and regulatory requirements.
• Develop, maintain and enforce security policies, standards and procedures (including incident response and business continuity plans).
• Lead detection, response and investigation of security incidents; oversee root-cause analysis and remediation.
• Manage security risk assessments, third-party vendor security reviews and supply-chain risk management.
• Oversee technical security architecture for cloud, network and application environments and approve major security design changes.
• Drive compliance with relevant standards and regulations (ISO 27001, GDPR, PCI-DSS where applicable) and liaise with auditors and regulators.
• Build and mentor a security team; coordinate cross-functional training, awareness and phishing simulations.
• Prepare regular security reports and brief the executive team and board on risk posture, incidents and strategic initiatives.
• Manage security budget, select security vendors and evaluate tooling (SIEM, endpoint protection, IAM, DLP).

Requirements

• Minimum 7+ years of hands-on information security experience with at least 3 years in a leadership role.
• Proven experience implementing security programmes in financial services, fintech or regulated environments.
• Relevant certifications such as CISSP, CISM or equivalent.
• Strong knowledge of security frameworks and standards (ISO 27001, NIST, OWASP) and practical GDPR experience.
• Experience with cloud security (AWS, Azure or GCP), identity and access management, network security and endpoint protection.
• Demonstrable incident response and vulnerability management experience, including use of SIEM and forensics procedures.
• Excellent stakeholder management and communication skills, with experience reporting to senior management or boards.
• Right to work in Malta or ability to obtain it (candidates should be eligible to work in Malta; employers may support relocation for EU candidates).

How to apply

Apply via the job page at https://fnkt.com/jobs/information-security-officer-ciso/ with your CV and a short cover note summarising relevant experience and notice period. If you experience issues with the portal, email your application to the fallback address below.