
Chief Information Security Officer – CISO
Posted Jun 3

This is a fully remote position, open to applicants in Spain.
• Oversee the establishment and upkeep of the ICT risk management framework in accordance with CNMV and ESMA standards.
• Manage and monitor ICT services offered by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations.
• Recognize, evaluate, and mitigate technological risks. Perform annual assessments of the Business Impact Analysis (BIA) and the ICT Risk Assessment.
• Serve as the primary authority for activating the Incident Response Plan (IRP) for high and critical incidents. Coordinate the communication of significant incidents to the CNMV within required deadlines (4h/72h/30 days).
• Oversee critical ICT third-party service providers, focusing on monitoring and ensuring adherence to established SLAs, RPOs, and RTOs.
• Ensure the security of crypto-asset custody solutions (Proprietary V2/V3 and external sub-custodians, such as Coinbase). Verify the integrity of MPC (Multi-Party Computation), HSM (Hardware Security Modules), and multisig signing processes.
• Manage the Secure Software Development Life Cycle and validate security testing in pre-production (UAT) environments before deployment.
• Approve and collaborate on operational resilience testing plans and specific tests related to Distributed Ledger Technology (DLT).
• Maintain a comprehensive and centralized inventory of CEX.IO systems and infrastructure.
• Bachelor's degree in Engineering, Computer Science, or Cybersecurity (preferably supplemented by pertinent certifications such as CISM or CISSP).
• Demonstrable experience in developing cybersecurity frameworks and adhering to EU financial regulations (DORA, MiCA, PCI DSS).
• Technical expertise in secure cloud architecture (especially in AWS environments).
• Proficiency in vulnerability management and monitoring tools (Grafana, Kibana, SIEM).
• Knowledge of cryptographic protocols and secure private key management.
• Excellent communication skills for engaging with regulators and the capability to lead global technical teams in a "hub and spoke" operational model.
• Opportunities for professional development.