Information Security Officer
Requirements
- Minimum 5 years of experience in information security, with at least 2 years in fintech, digital assets, cryptocurrency, payments, or trading platforms.
- Professional security certifications such as CISSP, CISM, CISA, CCSP, or equivalent.
- Experience in building security teams and security programs will be an advantage.
- Hands-on experience with IAM/SSO solutions (Okta preferred), MFA, Mobile Device Management (MDM), asset management, cloud security (e.g., AWS), and core security technologies such as network segmentation, IAM, and SIEM.
- Strong understanding of digital asset custody and wallet security, including MPC, multi-signature wallets, hot/cold wallet architecture, and key management.
- Experience integrating and managing enterprise custody platforms such as Cobo, Fireblocks, or equivalent solutions.
- Familiarity with penetration testing methodologies and the ability to review and evaluate third-pa
Additional Information
Security Strategy & Baseline Framework Development
Develop, implement, and maintain the company's overall security baseline framework covering production environments, corporate networks, key management, access controls, data classification, and other critical security domains. Regularly review and update policies to address evolving threats and ensure consistent security standards across all business units.

Vulnerability Management & Penetration Testing
Lead vulnerability identification, assessment, and prioritization efforts. Coordinate and/or conduct penetration testing activities, monitor remediation progress, ensure closure within agreed SLAs, and provide regular reporting of critical risks to the CEO.

Key Management & Wallet Security (Custody Layer)
Design and enforce security controls for digital asset custody operations, including hot and cold wallet management, key rotation processes, multi-signature (Multi-Sig) and MPC solutions. Lead security integration and configuration of enterprise custody platforms such as Cobo and similar providers, including transaction limits, whitelisting, approval workflows, and review mechanisms. Ensure all asset-related activities maintain a complete and auditable operational trail.

Operational Security (OpSec)
Implement security controls across customer fund movements, external communications, and data processing activities. Review and assess the security of CFD trading systems, payment channels, and integration interfaces. Enforce segregation of duties (SoD) to reduce risks arising from fraud, abuse, or operational errors.

Security SOP Framework
Develop, maintain, and continuously improve security-related SOPs covering areas such as account management, wallet operations, employee onboarding/offboarding, incident response, third-party onboarding, and emergency procedures. Drive implementation across departments and ensure periodic review and compliance.

Executive & Key Personnel Security
Develop digital security programs for executives, key custodians, and other high-value individuals. This includes personal account security, device security, SIM swap prevention, anti-phishing and social engineering measures, and reduction of sensitive information exposure through OSINT management.

Third-Party & Vendor Security Management
Conduct security due diligence and onboarding assessments for third-party vendors, including SaaS providers, liquidity partners, financial counterparties, and technology suppliers. Review security and data protection provisions within contracts and SLAs. Maintain vendor risk registers and coordinate penetration testing, security assessments, and external audits.

Security Incident Response (Technical)
Lead technical investigations, forensic analysis, and root-cause assessments during security incidents. Produce independent technical investigation reports and collaborate with the Independent Risk Manager while maintaining separate and objective conclusions.

Production Security Audits & Regulatory Support
Conduct periodic reviews of production environments, including network architecture, IAM controls, API security, and infrastructure configurations. Ensure security principles are effectively implemented across all projects. Support regulatory audits and compliance initiatives related to KYC/AML requirements and drive security certification programs as business needs evolve.

Security Awareness & Governance
Establish and maintain company-wide information security policies and operational standards. Organize security awareness programs, phishing simulations, and training initiatives to foster a unified security culture across both digital asset and traditional financial services businesses.

AI Product Security & Governance
Develop and oversee security policies for AI-related products and systems. Conduct security assessments of AI applications and ensure the security and resilience of the company's AI infrastructure and foundational platforms, minimizing attack surfaces and operational risks.
Worked at TECHNTEA PTE. LTD.? Share your experience