Information Security Officer

Security Strategy & Baseline Framework Development

• Develop, implement, and maintain the company's overall security baseline framework covering production environments, corporate networks, key management, access controls, data classification, and other critical security domains. 
• Regularly review and update policies to address evolving threats and ensure consistent security standards across all business units.

Vulnerability Management & Penetration Testing

• Lead vulnerability identification, assessment, and prioritization efforts. 
• Coordinate and/or conduct penetration testing activities, monitor remediation progress, ensure closure within agreed SLAs, and provide regular reporting of critical risks to the CEO.

Key Management & Wallet Security (Custody Layer)

• Design and enforce security controls for digital asset custody operations, including hot and cold wallet management, key rotation processes, multi-signature (Multi-Sig) and MPC solutions. 
• Lead security integration and configuration of enterprise custody platforms such as Cobo and similar providers, including transaction limits, whitelisting, approval workflows, and review mechanisms. 
• Ensure all asset-related activities maintain a complete and auditable operational trail.

Operational Security (OpSec)

• Implement security controls across customer fund movements, external communications, and data processing activities. 
• Review and assess the security of CFD trading systems, payment channels, and integration interfaces. 
• Enforce segregation of duties (SoD) to reduce risks arising from fraud, abuse, or operational errors.

Security SOP Framework

• Develop, maintain, and continuously improve security-related SOPs covering areas such as account management, wallet operations, employee onboarding/offboarding, incident response, third-party onboarding, and emergency procedures. 
• Drive implementation across departments and ensure periodic review and compliance.

Executive & Key Personnel Security

• Develop digital security programs for executives, key custodians, and other high-value individuals. This includes personal account security, device security, SIM swap prevention, anti-phishing and social engineering measures, and reduction of sensitive information exposure through OSINT management.

Third-Party & Vendor Security Management

• Conduct security due diligence and onboarding assessments for third-party vendors, including SaaS providers, liquidity partners, financial counterparties, and technology suppliers. 
• Review security and data protection provisions within contracts and SLAs. 
• Maintain vendor risk registers and coordinate penetration testing, security assessments, and external audits.

Security Incident Response (Technical)

• Lead technical investigations, forensic analysis, and root-cause assessments during security incidents.
• Produce independent technical investigation reports and collaborate with the Independent Risk Manager while maintaining separate and objective conclusions.

Production Security Audits & Regulatory Support

• Conduct periodic reviews of production environments, including network architecture, IAM controls, API security, and infrastructure configurations. 
• Ensure security principles are effectively implemented across all projects. 
• Support regulatory audits and compliance initiatives related to KYC/AML requirements and drive security certification programs as business needs evolve.

Security Awareness & Governance

• Establish and maintain company-wide information security policies and operational standards. 
• Organize security awareness programs, phishing simulations, and training initiatives to foster a unified security culture across both digital asset and traditional financial services businesses.

AI Product Security & Governance

• Develop and oversee security policies for AI-related products and systems. 
• Conduct security assessments of AI applications and ensure the security and resilience of the company's AI infrastructure and foundational platforms, minimizing attack surfaces and operational risks.

Requirements

• Minimum 5 years of experience in information security, with at least 2 years in fintech, digital assets, cryptocurrency, payments, or trading platforms.
• Professional security certifications such as CISSP, CISM, CISA, CCSP, or equivalent.
• Experience in building security teams and security programs will be an advantage.
• Hands-on experience with IAM/SSO solutions (Okta preferred), MFA, Mobile Device Management (MDM), asset management, cloud security (e.g., AWS), and core security technologies such as network segmentation, IAM, and SIEM.
• Strong understanding of digital asset custody and wallet security, including MPC, multi-signature wallets, hot/cold wallet architecture, and key management.
• Experience integrating and managing enterprise custody platforms such as Cobo, Fireblocks, or equivalent solutions.
• Familiarity with penetration testing methodologies and the ability to review and evaluate third-party penetration testing reports.
• Understanding of AI technologies and security considerations for AI systems and applications.
• Proven ability to build security frameworks, policies, and SOPs from the ground up rather than solely operating within existing structures.