Role Overview

We are looking for a Chief Information Security Officer (CISO) to lead the company's information security, IT operations, and technical compliance functions.

This role is strategic and hands-on, combining executive-level ownership of security and compliance with operational responsibility for corporate IT. The CISO will ensure the company meets regulatory, audit, and security obligations while enabling the business to scale safely across regulated entities, funds, and tokenized products.

The CISO reports directly to the CEO, with a dotted-line relationship to the CTO / CPO organization, reflecting the strong collaboration required with Product & Engineering.

Scope of Responsibilities

1. Corporate IT Operations & Support

Own and operate the company's internal IT environment and end-user services across all business units and regulated entities, including:

• Endpoint lifecycle management (laptops, mobile devices, accessories)
• IT onboarding and offboarding processes
• Identity and Access Management (IAM) and RBAC for corporate systems
• Email, productivity, and collaboration tools
• Helpdesk and Tier 1 / Tier 2 support operations
• Software asset management and license compliance
• Endpoint security tooling (EDR, MDM, antivirus, DLP)
• Employee security awareness and phishing training
• IT support for regulatory exams, subpoenas, and information requests

2. Information Security Governance & Risk Management

Define and own the company-wide security framework, policies, and risk posture, including:

• Corporate security policies (acceptable use, access control, incident response, vendor risk, etc.)
• Vendor and third-party risk management programs
• Security incident response governance for corporate systems
• Business continuity and disaster recovery planning (for internal systems)
• Asset inventory, audit logging, and evidence management
• Participation in all material security incidents and retrospectives as part of fundamental risk governance

3. Technical Compliance, Audits & Certifications

Own security-related compliance and act as the primary executive counterpart for audits and regulators, including:

• SOC 1 / SOC 2 readiness and ongoing compliance
• SOX IT controls and coordination with Internal Controls
• DORA readiness and operational resilience requirements
• ISO 27001 or similar certifications (as applicable)
• Regulatory security reporting and remediation management
• Ownership of audit responses, findings, and corrective action plans

4. Platform Security Oversight (Tokenization & Lifecycle Management Platform)

While Product & Engineering owns implementation and operations of platform security, the CISO is responsible for policy, assessment, and external defensibility of the platform's security posture, including:

• Reviewing and approving security architecture principles for the platform
• Oversight of secure software development practices (DevSecOps)
• Coordination and oversight of platform penetration tests
• Oversight of smart contract audits and third-party security reviews
• Participation in platform incident response when required
• Ability to clearly explain, present, and defend platform security controls to:
• Auditors
• Regulators
• Institutional clients and partners

5. Crypto & Tokenization Security

Given the company's core business and growing use of crypto assets, the CISO must bring hands-on expertise in digital asset security, including:

• Private key management models
• MPC-based custody and signing infrastructures
• Secure operational processes for crypto asset handling
• Policy definition for wallets, signing authorities, and access controls
• Risk assessments related to on-chain activity and smart contracts
• Oversight of crypto-specific incident response scenarios

Experience

Must-have

• Senior leadership experience in Information Security (CISO, VP Security, or equivalent)
• Proven ownership of audits and certifications (SOC, SOX, ISO, regulatory exams)
• Strong understanding of cloud security (AWS or equivalent)
• Direct experience with:
• Crypto assets
• Private key management
• MPC or HSM-based infrastructures
• Smart contract audits and security reviews
• Ability to operate credibly with:
• Regulators
• Auditors
• Institutional partners
• Experience operating in regulated financial environment

Nice-to-have

• Experience in fintech, capital markets, or digital securities
• Familiarity with SEC-regulated entities and fund structures
• Experience scaling security orgs in fast-growing companies