Chief Information Security Officer (CISO)

We're seeking an experienced Chief Information Security Officer (CISO) to lead enterprise-wide cybersecurity strategy, governance, and risk management across our global fintech operations. Reporting to the Group CEO, the CISO will be responsible for designing, implementing, and maintaining comprehensive security programs that protect critical assets, ensure regulatory compliance, and support business continuity across licensed operations in the USA, Gibraltar, and the EU.

This is a strategic, board-visible role for a seasoned security leader with deep experience in regulated financial services environments, particularly those managing multi-jurisdictional compliance, digital operational resilience, and third-party risk ecosystems.

Requirements

  • At least 2 years of CISO-level responsibility, or an equivalent security manager role reporting directly to the CISO, in a regulated financial services, crypto, or fintech environment
  • Proven track record leading security teams and managing enterprise-scale cybersecurity programs
  • Demonstrated experience managing multi-jurisdictional compliance requirements (US, EU, or global markets)
  • Strong background in third-party/vendor risk management and supply chain security
  • Experience with incident response leadership and post-breach operations
  • Exposure to regulatory examinations or audits (SOC 2, ISO 27001, financial services compliance)

Certifications (Recommended)

  • ISO 27001 Lead Implementer or Auditor (IRCA, PECB, or equivalent)
  • SOC 2 Type II audit participation or compliance leadership experience (certification preferred: CISA, CISSP, or CISM)
  • DORA compliance knowledge or experience implementing digital resilience frameworks
  • (Preferred but not required: CISSP, CISM, CISA, CGEIT, CRISC)

Technical & Domain Expertise

  • Deep understanding of cybersecurity principles: confidentiality, integrity, availability, defense in depth
  • Hands-on knowledge of security technologies: firewalls, intrusion detection, endpoint detection and response (EDR), SIEM, vulnerability management, identity and access management
  • Proficiency in risk assessment methodologies and frameworks (NIST, ISO 27001, COBIT)
  • Understanding of cloud security (AWS, GCP, Azure); experience with cloud-native security controls
  • Familiarity with financial services infrastructure: payment systems, APIs, trading platforms, settlement systems
  • Advanced understanding of blockchain/DeFi security concepts (preferred for crypto/fintech context)
  • Knowledge of incident classification, breach notification requirements, and regulatory reporting obligations

Soft Skills & Leadership

  • Exceptional communication and presentation skills; ability to translate technical concepts for executive and board audiences
  • Strategic thinking; capacity to balance compliance rigor with business agility
  • Leadership presence and credibility with executive teams, boards, and regulatory bodies
  • Change management experience; ability to drive organizational security culture shifts
  • Pragmatism in risk assessment; proven ability to prioritize high-impact initiatives
  • Cross-functional collaboration; experience working with legal, compliance, operations, and engineering teams
  • Crisis management and decision-making under pressure

Responsibilities

  • Develop and execute a comprehensive, forward-looking cybersecurity strategy aligned with business objectives and the evolving threat landscape
  • Design and oversee the implementation of security policies, standards, and frameworks (ISO 27001, NIST Cybersecurity Framework, SOC 2, PCI DSS, etc.) across all group entities
  • Establish security governance structures, accountability matrices, and decision-making protocols for the organization
  • Conduct regular risk assessments and produce risk posture reports for board-level review
  • Lead the organization's shift toward zero-trust architecture and advanced threat defense posture

Compliance & Regulatory Management

  • Oversee ISO 27001 certification maintenance and continuous improvement activities
  • Manage regulatory relationships with Gibraltar FSC and EU financial authorities
  • Support U.S. regulatory examinations and inquiries in coordination with the US CEO, Compliance Officer, and Legal
  • Develop and maintain compliance documentation, control matrices, and evidence repositories
  • Ensure alignment with GDPR, VASP (Virtual Asset Service Provider) regulations, and other applicable financial services frameworks
  • Prepare and present regulatory compliance updates to executive leadership and audit committees

Risk Management & Incident Response

  • Identify, assess, and mitigate cybersecurity, operational, and third-party risks affecting group operations
  • Develop and maintain enterprise risk registers; prioritize remediation efforts based on business impact
  • Establish and oversee an incident response framework with clear escalation procedures, role definitions, and response timelines
  • Lead post-incident reviews and implement corrective actions; ensure regulatory incident reporting compliance
  • Maintain relationships with external incident response teams, forensic providers, and law enforcement

Vendor & Third-Party Risk Management

  • Update and maintain a comprehensive third-party risk management program covering ICT service providers, cloud vendors, integrations, and payment processors
  • Conduct due diligence assessments on critical vendors; develop and enforce security requirements through contracts and service level agreements
  • Monitor vendor security posture through ongoing assessments, audits, and risk reviews
  • Ensure vendor exit strategies and business continuity arrangements; minimize single-point-of-failure dependencies
  • Oversee supply chain risk assessments and manage relationships with critical service providers
  • Report on third-party risk metrics and emerging vendor-related threats to leadership

Business Continuity & Disaster Recovery

  • Update and maintain a comprehensive business continuity and disaster recovery strategy across group operations
  • Define and manage Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for critical systems and business processes
  • Maintain testing schedules and oversee regular business continuity and disaster recovery drills
  • Maintain and update business continuity and disaster recovery plans; ensure cross-functional awareness and ownership
  • Lead continuity planning for critical dependencies (cloud infrastructure, payment gateways, regulatory reporting systems)
  • Coordinate with operations teams on infrastructure resilience, failover procedures, and backup systems
  • Coordinate with the CFO on the financial impact of BC planning
  • On-call availability for regulatory breach notifications may be required

Security Posture & Operations

  • Oversee the design and implementation of security controls across infrastructure, applications, and data environments
  • Maintain and improve key security metrics and KPIs; produce regular dashboards and scorecards for executive visibility
  • Manage security tools and technology stack (SIEM, endpoint detection and response, vulnerability management, etc.)
  • Establish security operations protocols; coordinate with IT and engineering teams on threat detection and response
  • Drive security culture through awareness programs, training, and communication initiatives
  • Evaluate emerging technologies and threats; recommend strategic security investments

Security Architecture & Technical Leadership

  • Provide strategic guidance on system design, application security, cloud architecture, and data protection measures
  • Oversee security code reviews and secure software development lifecycle (SDLC) practices
  • Advise on encryption strategies, key management, and data classification frameworks
  • Ensure secure configuration of cloud environments (AWS, GCP, Azure) and identity management systems

Board & Executive Reporting

  • Serve as the primary security advisor to the Group CEO, board of directors, and executive leadership team
  • Communicate security risks, compliance status, and strategic initiatives in business-appropriate language
  • Present quarterly risk dashboards, incident summaries, and compliance updates to audit committees
  • Participate in executive risk committee meetings; escalate critical threats and emerging risks
  • Support regulatory inquiries and examinations from financial authorities

Benefits

  • Competitive salary.
  • Opportunity to work in a cutting-edge industry with a fast-growing company.
  • Remote work position.
  • Professional development opportunities and industry certifications.
  • Collaborative and innovative work environment.

Required languages

English B2 - Upper Intermediate
Published 26 December