VP Information Security & IT

What do we do?

Paddle offers digital product companies a completely different approach to their payment infrastructure. Instead of assembling and maintaining a complex stack of payments-related apps and services, we’re a Merchant of Record for our customers. That means we take away 100% of the pain of payment fragmentation. It’s faster, safer, cheaper, and, above all, way better.

We’re backed by investors including KKR, FTV Capital, Kindred, Notion, and 83North and serve over 5000 software sellers in 245 territories globally.

The role:

The VP Information Security & IT will have overarching responsibility for Paddle's security posture on an international scale, and our internal IT capability. This leader will report to the CTO and will work closely with the wider management team to build and manage world-class security controls. They will be responsible for providing a reliable and effective security foundation and IT capability that serves the customers, shareholders, and business operations of the company.

This individual will provide a blend of strong and current security technology understanding, combined with broader management responsibilities around policy, risk assessment, and organisational education. We are looking for an experienced security professional who can provide operational and strategic leadership while also being willing to roll up their sleeves, with a pragmatic bias towards incremental action, rather than a purely policy-led approach.

What you'll do:

Leadership:

• Represent Information Security and IT internally and externally at Paddle, feeding into company strategy through our extended leadership team.

• Instil a "security-first" mindset across the entire company—from the C-suite to junior staff.

• Recruit, lead, and mentor high-performing teams across Information Security and IT, fostering a culture of accountability, agility, and trust.

• Oversee the delivery of strategic Security and IT projects, ensuring alignment with organisational goals and available resources. Manage the entire project lifecycle, from defining scopes to monitoring progress.

Information Security:

• Design and deliver a security strategy and roadmap that facilitates the organisation’s growth plans through the use of leading-edge technology and talented employees.

• Develop and mature security programs that encompass security incident response, threat detection, and vulnerability management.

• Champion a zero trust security model, including modern identity and access management practices.

• Develop, maintain, and recommend approval of Paddle’s Information Security policy and control framework.

• Collaborate with engineering leaders to drive a culture of secure coding through threat modelling, automated testing and adoption of application security best practices.

• Improve security tooling and processes while scaling the team to support future product development. Focus on automation and tool maturity to increase effectiveness in security engineering.

• Partner with legal and data teams to ensure robust data governance, protection, and privacy practices across jurisdictions.

• Collaborate with the People & Talent Training Function to deliver comprehensive security training and awareness programs for employees across the business that drive engagement and deliver outcomes effectively.

• Ensure that we maintain our SOC2 and PCI compliance, and lead the acquisition of any additional accreditations as necessary to support the broader business strategy.

IT Management:

• Oversee IT operations, ensuring reliable and secure internal systems, SaaS tools and smooth onboarding/offboarding processes.

• Drive our internal identity and access management strategy to ensure the proper access controls are in place across tools and systems.

• Proactively manage our relationship and contract negotiations with third party SaaS software vendors, ensuring we manage procurement and seat usage, and deduplication of tools effectively and practically.

• Own the IT budget and allocate resources for various projects and operational needs. Evaluate costs and seek opportunities to optimise spending.

• Note - maintenance of the cloud infrastructure that powers our production service for Paddle itself is outside the scope of this role, and is handled by a separate Platform team.

We'd love to hear from you if:

• Proven senior leadership in Information Security (e.g., current CISO, VP InfoSec, or strong deputy).

• Experience running security in a technology-led environment; ownership of security in a platform/cloud setup preferred.

• Previously established centralised visibility into security risks with trackable metrics.

• Implemented frameworks such as ISO/IEC 27001, SOC2, ITIL, COBIT, NIST, and compliance with standards like GDPR.

• Matured an Application Security function in a CI/CD environment, focusing on automation and scalability.

• Defined clear methodology for assessing and managing third-party security risk.

• Ability to earn internal trust, navigate complexity, and collaborate effectively across functions.

• Excellent presentation and communication skills.

• Experience with cloud platforms such as AWS, Azure, Google Cloud, etc.

• CISSP, CISM and CCSP are desirable.

• Bachelor's in Computer Science, Information Security, or related field desirable, or equivalent experience.

• The ability to balance a strong theoretical understanding, combined with a bias to action, a willingness to be pragmatic, roll up your sleeves and get into the practical details to drive delivery to support the organisation.

Everyone is welcome at Paddle

At Paddle, we’re committed to removing invisible barriers, both for our customers and within our own teams. We recognise and celebrate that every Paddler is unique and we welcome every individual perspective.

As an inclusive employer, we don’t care if, or where, you studied, what you look like or where you’re from. We’re more interested in your craft, curiosity, passion for learning and what you’ll add to our culture. We encourage you to apply even if you don’t match every part of the job ad, especially if you’re part of an underrepresented group.

Please let us know if there’s anything we can do to better support you through the application process and in the workplace. We will do everything we can to support any accommodations needed. We’re committed to building a diverse team where everyone feels safe to be their authentic self. Let’s grow together.

Why you’ll love working at Paddle

We are a diverse, growing group of Paddlers across the globe who pride ourselves on our transparent, collaborative and respectful culture.

We live and breathe our values, which are:

Paddle for others

Paddle together

Paddle simply

We offer a full suite of benefits, including attractive salaries, stock options, retirement plans, private healthcare and well-being initiatives.

We are a ‘digital-first’ company, which means you can work remotely, from one of our stylish hubs, or even a bit of both! We offer all team members unlimited holidays and enhanced parental leave. We invest in learning and will help you with your personal development via constant exposure to new challenges, an annual learning fund, and regular internal and external training.