EPEX SPOT

Chief Information Security Officer

Posted: 5 hours ago

Job Description

Join the EPEX SPOT Team: Innovate, Collaborate, Thrive

Job Summary:

As a Chief Information Security Officer (CISO), you coordinate the protection of our client data and the systems/applications that process it, while strengthening our security governance and meeting cyber regulatory obligations across multiple European countries in a multi-cloud environment.

This is a high-visibility role requiring strong stakeholder management and communication to C-level leadership and the Supervisory Board. A key part of the mission is balancing and harmonizing different implementation and reporting requirements, with a near-term focus on NIS2, NCCS cyber laws, and advancing ISO 27001 certification.

You lead a cultural shift that positions information security as a value-adding partner rather than a constraint. You empower teams to take ownership of security risks while supporting business objectives.

Key Responsibilities:

1. Team and partner leadership

- Collaborate with the IT Department, mainly with Cloud Center of Excellence (CCoE), Cloud Platform, and IT User experience teams, fostering strong leadership.
- Build visibility, alignment, and support across internal and external stakeholders.
- Provide decision-oriented reporting to C-level and Supervisory Board: top risks, posture, roadmap progress, and investment needs.
- Drive a security narrative that supports business outcomes and regulatory confidence.
- You lead and coordinate a security capability mix, including:
  - 2 SOC resources
  - 1 Security Architect
  - 1 Cloud Security Specialist
  - 1 Risks and Regulations Expert
  - 2 Vulnerability and Asset Management resources
  - external SIEM/MSSP (managed through SLA)

2. Security strategy, governance, and risk ownership

- Develop and execute a company-wide security strategy aligned with business goals and risk appetite.
- Establish a clear governance model: decision forums, risk acceptance workflow, and security steering cadence.
- Own the cyber risk register, including treatment plans, and formal risk sign-off.
- Ensure the existence and consistency of policies/standards that work across multiple countries and operating contexts.

3. Regulatory compliance and assurance (NIS2, NCCS, ISO 27001)

- Lead compliance readiness and ongoing program execution for NIS2 and NCCS requirements.
- Drive the ISO 27001 certification journey (ISMS scope, risk assessment approach, Statement of Applicability, internal audits, management review, external audit readiness).
- Oversee security evidence, audit responses, and regulatory reporting inputs (where applicable).
- Ensure requirements are translated into practical, measurable controls across the organization.

4. Security operations, detection, and incident response

- Oversee the SOC/SIEM/MSSP ecosystem to ensure effective detection, triage, response, and continuous improvement.
- Strengthen incident response capability: playbooks, escalation paths, crisis communication coordination, and exercises/tabletops.
- Ensure meaningful reporting on incidents, trends, and operational effectiveness—tailored for technical and executive audiences (Management Board, Supervisory Board).

5. Multi-cloud security leadership

- Lead security direction for a multi-cloud environment, ensuring consistent baseline controls and accountability.
- Partner with IT and architecture to embed security-by-design in identity, logging/monitoring, configuration baselines, network controls, software development, and data protection.
- Enable secure delivery: integrate security into projects and change management with pragmatic guardrails.

6. Vulnerability, asset & third-party risk management

- Oversee a risk-based vulnerability and asset management program (inventory quality, prioritization, remediation SLAs).

Key Requirements:

Hard Skills:

- Familiarity with DevSecOps practices.
- Familiarity with cloud services such as AWS, Azure, or Google Cloud, with an understanding of key concepts including networking, security, and cloud-native services.
- Knowledge of security in GCP environments (e.g. IAM, security baselines, compliance and controls) is an advantage.
- Ability to understand technical discussions to facilitate alignment and decision-making, without acting as a technical owner.

Soft Skills:

- Strong leadership that is both supportive and demanding, encouraging collective intelligence, individual initiative, and knowledge sharing.
- Strong communication skills, enabling constructive and productive dialogue with team members and stakeholders while providing decision-oriented reporting to C-level and Supervisory Board.
- Critical thinking and problem-solving skills to find effective and pragmatic solutions.
- High emotional intelligence, maintaining a positive and productive team environment that encourages accountability and learning.
- Conflict resolution skills, navigating disagreements in a way that promotes trust and collaboration.
- Adaptability and flexibility in response to changing priorities, scope, and team dynamics while maintaining focus on shared goals.
- Strong coaching and mentoring skills, supporting individual growth and increasing overall team maturity and autonomy, addressing resistance, and contributing pragmatically to Agile transformation efforts.

Education and Experience:

- Bachelor’s degree or equivalent experience.
- CISSP or similar certification is a plus.
- Agile or Scrum certification (e.g. PSM, CSM) is a plus.
- At least 5 years of experience as a CISO, with strong hands-on experience in efficiently communicating and managing meaningful reporting to C-level and Boards.
- Experience working with multiple teams and stakeholders in complex or scaled Agile environments

Language Skills:

- Fluent English is required (working language) for written and verbal communication.
- French or Dutch is a plus.

Who Are We?

The European Power Exchange EPEX SPOT SE operates physical short-term electricity markets in 16 countries: Central Western Europe, Switzerland, the United Kingdom, the Nordics, the Baltics and Poland. The heart of our business is to bring together electricity supply and demand across Europe. EPEX SPOT plays a pivotal role in the energy sector. We help ensure that the market price of electricity remains accurate 24 hours a day, 365 days a year by offering our members the right products for power trading. Striving for a well-functioning Internal Energy Market, EPEX SPOT shares its expertise with partners across the European continent and beyond. Over 450 companies have traded 915 TWh (over 30 b€ worth) of electricity on EPEX in 2025.

EPEX SPOT is a dynamic and fast-paced company that operates in a constantly moving landscape of the energy transition and the FinTech industries. We shape the future of the European power market by supporting decarbonisation, decentralisation, and digitalisation. Innovation is our tool to contribute, every day, to a more sustainable society and to facilitate the energy transition.

At EPEX SPOT, we believe in fostering a vibrant and inclusive culture where every team member can thrive. Our core values—trustful teams, innovation & agility, and customer centricity—are the foundation of everything we do. Diversity is the cornerstone of our way of working, reflected in how we face challenges and work together as unique individuals to build a stronger organization. Our DNA is embedded in continuous improvement via constructive feedback, collaboration among colleagues, and a culture. We believe in true leadership, supporting our vision towards the energy transition, as well as the development of our People.

Why join EPEX SPOT?

At EPEX SPOT, you will be part of a passionate, talented, and international team dedicated to shaping the future of the European power market. Our offices and inclusive workplaces throughout Europe celebrate diversity and support our employees to unfold their full potential. We are proud of our commitment to gender equality, demonstrated by our strong performance in the Gender Equality Index. Our HR strategy focuses on our People and Organization, enhancing both motivation and employability, while equally developing individuals’ skills.

Join us at EPEX SPOT and become part of a forward-thinking company where your contributions will make a significant impact, for the energy transition as well as for your career! Discover more about us and explore career opportunities at https://www.epexspot.com/en

Benefits of working with us:

• Hybrid Working Conditions: We offer you the flexibility of working from home or other EPEX locations for the best possible work-life balance. You can work up to 40 days per year from select countries in Europe.
• Training Opportunities: We invest in your continuous development with a dedicated annual training budget to enhance your skills through various upskilling programs and initiatives.
• Career Path: We support your career aspirations with clear pathways for advancement within the company and the EEX Group.
• Internal Mobility: We offer and support the possibility to explore new roles within the company to expand your skills and experience.
• Leadership Journey: We promote a culture of recognition and reward with the EPEX SPOT leadership journey that encourages everyone’s progression and development.
