Information Security Risk Specialist at Zodia Custody responsible for enhancing cybersecurity measures. Collaborating with teams to improve resilience against cyber threats while managing industry compliance standards.
Responsibilities
The Information Security Risk Specialist reports to the Chief Security Officer of Zodia Custody, who is accountable for Information & Cyber Security. As Zodia’s core mission is to provide safe custody of digital assets, this role is critical for ensuring that appropriate security countermeasures and operational capabilities have been implemented to respond to the evolving threat landscape of cyber-attacks.
**Key Purpose**
Maintain strong stakeholder engagement and serve as a point of contact for ICS-related matters;
Help to drive ICS requirements of Zodia and its clients into enhancements to Zodia products or ICS related initiatives;
Engage external agencies / third parties to understand the threat environment and reported events; assess impact to Zodia;
Engage with ICS stakeholders and external clients to demonstrate how ICS controls are being embedded into Zodia.
**Key Responsibilities**
Continually improve Zodia’s product and platform security by embedding security and resilience from the start and by default;
Partner with various Zodia teams to continually drive down ICS risks, within risk appetite;
Contribute to the operational delivery of controls, specifically for threat intelligence & modelling, application security, identity & access and security incident management.
Manage ICS industry certification and audit activities for ISO 27001:2022 and SOC 1 & 2.
Oversee and play a core role in lifecycle management of keys, covering generation, use and decommissioning of keys.
Review regulatory obligations for ICS requirements across Zodia’s jurisdiction footprint & drive implementation into technology (e.g. SG/MAS, EU/CSSF & DORA, AU/ASIC, UAE/ADGM, HK/HKMA etc). Take responsibility for effective implementation and coordinate with risk, compliance and technology teams to ensure effective oversight.
Contribute ICT related information for regulatory reporting managed by the Compliance team.
Drive security culture/awareness and help improve readiness for a cyber event;
Contribute to the enhancement of ICS policy, standards and DOIs.
Support the planning and implementation of Business Continuity Management within the organization.
Provide technical expertise and knowledge in the context of monitoring the outsourced ICT service provider.
Work with the stakeholders and other functions to validate the resilience of data and systems against Cyber threats.
Collaborate with colleagues on client acquisition, improving the efficiency of due diligence processes and client pitches.
Requirements
**Experience Required**
Demonstrable knowledge in Crypto Asset security, specifically around key management, custody & smart contracts.
Experience in information security domains such as threat intelligence & modelling, identity & access, incident and investigation management.
Strong technical and hands-on experience in application security, including management of assurance activities such as pen-testing and bug bounty programmes.
Experience working with Development and Engineering functions to improve security features and outcomes in applications.
Experience managing an industry security framework such as ISO 27001 and SOC.
**Type of person**
Ability to deal with cross-functional teams and colleagues and to influence outcomes.
Familiar with, and able to thrive in, a fast-paced environment with constant change.
Enjoys hands-on execution of tasks with a “get things done” mindset.
Able to manage both global and local role requirements and demands.
Benefits
We are a friendly team, with monthly socials and seasonal celebrations as well as offering a range of fantastic benefits including:
30 days annual leave
Pension contribution
Annual training allowance
Flexible national holidays (can choose whether to work on national holidays and use the leave elsewhere in the year)