First Vice President driving Axos Bank's information security strategy and leading a high - performing team. Architecting solutions and leading technical initiatives within a fast - paced environment.
About the role
- Information Security Risk Specialist at Zodia Custody responsible for enhancing cybersecurity measures. Collaborating with teams to improve resilience against cyber threats while managing industry compliance standards.
Responsibilities
- The Information Security Risk Specialist reports to the Chief Security Officer of Zodia Custody, who is accountable for Information & Cyber Security. As Zodia’s core mission is to provide safe custody of digital assets, this role is critical for ensuring that appropriate security countermeasures and operational capabilities have been implemented to respond to the evolving threat landscape of cyber-attacks.
- **Key Purpose**
- Maintain strong stakeholder engagement and serve as a point of contact of ICS related matters;
- Help to drive ICS requirements of Zodia and its clients into enhancements to Zodia products or ICS related initiatives;
- Engage external agencies / third parties to understand the threat environment and reported events; assess impact to Zodia;
- Engage with ICS stakeholders and external clients to demonstrate how ICS controls are being embedded into Zodia.
- **Key Responsibilities **
- Continually improving Zodia’s product and platform security by embedding security and resilience from the start and by default;
- Partner with various Zodia teams to continually drive down ICS risks, within risk appetite;
- Contribute to the operational delivery of controls, specifically for threat intelligence & modelling, application security, identity & access and security incident management.
- Manage ICS industry certification and audit activities for ISO 27001:2022 and SOC 1 & 2.
- Oversee and play a core role in lifecycle management of keys, covering generation, use and decommissioning of keys
- Review regulatory obligations for ICS requirements across Zodia’s jurisdiction footprint & drive implementation into technology (e.g. SG/MAS, EU/CSSF & DORA, AU/ASIC, UAE/ADGM, HK/HKMA etc). Take responsibility for effective implementation and coordinate with risk, compliance and technology teams to ensure effective oversight.
- Contribute ICT related information for regulatory reporting managed by the Compliance team.
- Drive security culture/awareness and help improve readiness for a cyber event;
- Contribute to the enhancement of ICS policy, standards and DOIs.
- Support the planning and implementation of Business Continuity Management within the organization.
- Provide technical expertise and knowledge in the context of the monitoring outsourced ICT service provider.
- Work with the stakeholders and other functions to validate the resilience of data and systems against Cyber threats.
- Collaborate with colleagues on client acquisition, improving the efficiency of due diligence processes and client pitches.
Requirements
- **Experience Required**
- Demonstrable knowledge in Crypto Asset security, specifically around key management, custody & smart contracts.
- Experience in information security domains such as threat intelligence & modelling, identity & access, incident and investigation management.
- Strong technical and hands-on experience in application security, including management of assurance activities such as pen-testing and bug bounty programmes.
- Experience working with Development and Engineering functions to improve security features and outcomes in applications.
- Experience managing an industry security framework such as ISO 27001 and SOC.
- **Type of person**
- Ability to deal and influence outcomes with cross functional teams and colleagues.
- Familiar and able to thrive in fast paced environment with constant change.
- Enjoys hands-on execution of tasks with “get things done” mindset.
- Able to manage both global and local role requirements and demands.
Benefits
- We are a friendly team, with monthly socials and seasonal celebrations as well as offering a range of fantastic benefits including:
- 30 days annual leave
- Pension contribution
- Annual training allowance
- Flexible national holidays (can chose whether to work on national holidays and use the leave elsewhere in the year)
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Mid to Senior Data Engineer joining CrowdStrike's Cloud Identity & Perimeter team. Focus on developing and maintaining complex data pipelines and security analytics at scale.
Cybersecurity Assessor evaluating enterprise systems for vulnerabilities and compliance. Engaging in assessments and reporting within a hybrid work structure based in Brooklyn Heights, NY.
Security Business Analyst engaging in requirements gathering, risk assessments, and stakeholder liaison. Supporting measurable security outcomes with comprehensive documentation in a hybrid work setup.
Senior Software Engineer developing engaging gamified learning experiences for cybersecurity awareness. Driving technical leadership and product ownership in a rapidly growing team.
Cyber Security Engineer providing cybersecurity support for SCADA, OT networks and industrial control systems at Vestas. Collaborating with cross - functional teams to ensure secure operations in offshore wind farms.
Senior Consultant in IT Security guiding clients through IT projects and security strategies. Analyzing vulnerabilities and leading project tasks while ensuring quality and timely delivery.
AI Security Engineer securing AI - driven applications at a rapidly expanding tech company. Focus on mitigating risks across the AI lifecycle with a talented team.
Sr. Product Manager leading vision and strategy for Smartsheet's security offerings. Managing enterprise security products while ensuring compliance and driving product adoption.
Senior penetration tester responsible for advanced security testing in various sectors at Combitech. Collaborating with a team of experts, focusing on real threat simulations and enhancing security measures.