Chief Information Security Officer (CISO)

About the RoleWe’re looking for a strategic and execution-focused CISO to build our security foundation and guide the company through a period of rapid growth and increasing regulatory expectations. This person will be responsible for establishing a security posture that can withstand the real-world threats facing a growing crypto firm. Key ResponsibilitiesOwn the roadmap and execution for obtaining regulatory and industry certifications (e.g., SOC 2/SOC 1).Partner with C-Suite, Engineering and Compliance teams to define and document required controls, policies, and procedures.Serve as the primary point of contact for external security auditors.Conduct comprehensive assessments of infrastructure, applications, and physical environments to identify gaps and high-impact risks.Develop a threat model grounded in the realities of the crypto landscape and tailor controls to counter the adversaries we’re likely to face.Stand up robust incident response capabilities.Drive a disciplined vulnerability management program in partnership with Engineering to ensure timely remediation and measurable reduction in risk.Act as a senior advisor on cybersecurity strategy, investments, and enterprise risk.Recruit, mentor, and manage security engineers, architects, and analysts as the team grows.QualificationsDemonstrated leadership experience within cybersecurity—ideally in fintech, crypto, or other financial services. Successful track record guiding organizations through SOC audits or security certification programs.Strong technical grounding across:Threat detection and investigationIncident response and crisis managementVulnerability managementAWS, identity, and infrastructure securityAutomation and security engineering practicesExperience working closely with senior executives and communicating clearly in board-level settings.Ability to operate both strategically and hands-onExperience implementing and managing secure-by-default engineering practices (e.g., secrets management, hardening baselines, identity federation, RBAC, MFA enforcement).Strong understanding of secure architecture patternsDemonstrated ability to build core security processes from scratch: onboarding/offboarding, access reviews, vulnerability workflows, change management, etc.Certifications: CISSP, CISM, GIAC, or equivalent.