Digital Workplace Security Architect

What we do?

Aion Bank is a fully regulated European bank and credit institution, combining Vodeno’s cutting-edge, private blockchain-based platform with its ECB banking license, strong balance sheet, and deep regulatory expertise. Our mission is to provide a comprehensive suite of embedded banking solutions, enabling businesses to seamlessly integrate financial services into their offerings.

As part of the UniCredit Group, Aion Bank and Vodeno will accelerate their digital banking offer in strategic markets and will act as a sandbox for innovation for the wider UniCredit Group. Aion Bank and Vodeno's existing Banking-as-a-Service (BaaS) offering across key European markets, including Germany and Poland, will see the bank embed its services - ranging from account access and deposits to lending, payments and loyalty programs - directly into non-banking digital platforms, facilitating seamless customer experiences.

At Aion Bank, our biggest strength is our people—a team of highly intelligent, creative, and ambitious professionals who thrive in a fast-paced, innovative environment. We believe in delivering results while fostering a culture of passion and collaboration.

We are currently looking for a Digital Workplace Security Architect ready to join our adventure, share our ambition and help shape the future of digital banking.

What you will be doing?

Your role will be focused on expert-level design, governance, and hands-on implementation of security controls.

• Security Architecture & Hardening: Enhance, implement, and manage a robust security architecture for Google Workspace (Gmail, Drive, Chat, Meet, Chrome etc.).

• Endpoint & MDM Governance: You will enhance and enforce security baselines for all corporate endpoints, including Macbooks and mobile devices, ensuring their compliance through our MDM solutions (e.g., Jamf). Implement and manage Context-Aware Access rules to enforce Zero Trust principles.

• Data Protection & Control (DLP): You will be the owner of our workplace data protection strategy. You will configure new as well as existing DLP (Data Loss Prevention) rules across Gmail, Google Drive, and Chrome. Your responsibility includes proactively identifying new paths of data breaches and designing controls to mitigate them. 

• Risk & Application Governance: You will be responsible for the technical governance of applications and browser extensions, assessing their risk and defining usage policies. Verification of SSO coverage with our partners.  You will act as the primary technical expert during internal audits and regulatory reviews related to the workplace environment.

• Service Account & Automation Governance: You will establish and enforce security standards for service accounts, scripts, and API usage. You'll be responsible for auditing their permissions and ensuring all automation aligns with least-privilege principles.

• Threat Detection & Incident Response: Utilise the Google Workspace Alert Centre, security dashboard, and investigations tool to proactively detect and respond to security incidents. 

Skills you should have

• Core Experience: You have extensive (e.g., 5+ years) experience in IT Security, with a proven track record in securing workplace environments, preferably within a regulated industry (like banking, finance, or insurance).

• Technical Expertise: Deep, demonstrable knowledge of Google Workspace security controls, Chrome Enterprise, Cloud Identity, DLP, Vault, Context-Aware Access, and Endpoint Management.

• Security Knowledge: You possess a deep understanding of Zero Trust architecture, IAM, and Context-Aware Access. You are proficient in configuring DLP rules, email security (SPF, DKIM, DMARC), and managing security baselines. Strong understanding of IT governance frameworks and regulatory requirements is essential. Certification: Google Cloud Professional Cloud Security Engineer certification will be an additional asset.

• Scripting: Proficiency in scripting (e.g., Python, Google Apps Script, or shell scripting) for automation.

• Fluency in Polish and English fluent.

What we offer

You will get an opportunity to work in an innovative, digital bank applying state of the art approaches and technologies. Unless limited by banking regulations we offer a flexible form of contract.You will be provided an Individual Development Budget, dedicated to enhancing your professional skills.If your role permits, we also offer flexible work location: home/office —  according to your preference. You and your closest family will be covered with VIP-level private medical care which includes dental treatment and a hospitalisation package. We care for our colleagues’ well being, therefore we cover psychological consultations if you ever feel you need such support. Aion bank account without fee. We co-sponsor your Multisport card and cover 50% of its cost. You will work on computer equipment that delivers the best user experience — Apple MacBook. If you feel like working from the office, we have beautiful space available for you in Brussels and Warsaw. Each office is very nicely located with convenient commute options by public transport and by bike. Our office in Warsaw offers healthy snacks throughout the day. 

Our process

We keep our recruiting process simple. Step 1: Talk with one of our Recruiters about your to date experiences and ambitionsStep 2: Meet with your future Team Manager to deep dive on the role specifics and our work environment

Our note to you

Diverse teams really are the best teams. Research shows that some candidates may hesitate to apply for a job unless they meet every requirement. If you are excited about working with us, we encourage you to apply - even if you're not 100% sure. We are interested in getting to know you and learning about what you bring to the table.

Please note that we may close a job posting early if we receive a large number of exceptional applications.

Good luck!