Chief Information Security Officer - Bitcoin Trust Company

Remote
Full Time
Experienced

The Company

Swan is a leading Bitcoin-only financial services company supporting individuals and companies throughout their Bitcoin journey. We hire passionate Bitcoiners who want to work with a self-motivated and fully distributed startup team.

The Role

Last year, Swan announced the intent to launch a Bitcoin-only trust company. Now, we are working toward building a pipeline of highly qualified individuals to help us lead this company. The trust company will embark on the mission of onboarding the world’s Bitcoin-only clients ranging from wealth managers, family offices, institutions, and beyond while innovating in Bitcoin-only custody initiatives such as multi-institutional custody and other new forms of collaborative and conditional custody enabled by Bitcoin native technology. The company will maintain complete legal separation from Swan, and have its own management structure including a CTO and CSO/CISO separate from Swan, while having the benefit of access to Swan’s broader resources (over 60 employees in product, engineering, and security, with more than 150 employees overall).

We are looking for a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) to lead the Security and IT divisions of the trust company. Our team is dedicated to maintaining a secure operating environment and preserving the trust of our customers and stakeholders. This position involves close collaboration with the executive leadership team to define the organizational risk appetite and ensure alignment with our strategic vision.

The CISO will be responsible for the design, implementation, and continued enhancement of a robust cybersecurity program to safeguard our assets.

Your responsibilities

  • Strategic Oversight of Cybersecurity Programs: Provide direction and leadership in the formulation and execution of strategic cybersecurity & IT initiatives across the company. Ensure consistent evaluation and improvement of our cybersecurity posture across the environment.
  • Leadership of Cybersecurity & IT Teams: Develop, oversee and lead the Security and IT teams. Build a collaborative team culture, ensuring constant communication and collaboration between IT and Security personnel.
  • Architect and Secure Systems: Provide technical direction and ensure that each system, as well as the interactions between systems, is secure.
  • Incident Response Leadership: Develop, oversee, and periodically refine the company's cybersecurity incident response strategy. Drive regular training sessions for team members, ensuring a cohesive and effective response to threats and breaches.
  • Cybersecurity Training and Testing: Be responsible for the ideation and implementation of cybersecurity tabletop exercises, setting the direction for simulations that challenge and improve the company’s defense mechanisms.
  • External Relations Management: Lead the company’s engagement strategy with third-party vendors to uphold our cybersecurity standards. Set the tone for collaboration with law enforcement agencies during significant cybersecurity incidents. Develop and deploy vendor assessment policy.
  • Direction for Vulnerability Management: Set the strategic direction for continuous monitoring and management of vulnerabilities within the company’s digital infrastructure. Guide the team in devising and implementing remediation plans effectively.
  • Threat Intelligence Leadership: Champion the effort to stay abreast of the evolving cybersecurity threat landscape. Direct the team to proactively research and prepare for emerging threats.
  • Executive Briefings and Consultation: Serve as the company’s senior staff on cybersecurity matters. Periodically provide insights, recommend strategies, and emphasize best practices to protect our digital assets.
  • Leadership in Active Monitoring: Establish a robust monitoring framework for the company and its digital assets, ensuring the team actively detects and responds to any signs of malicious activity.

Skills and experience that will help you succeed

  • Professional Experience: A minimum of 10 years in a leadership role related to information security and IT, with a demonstrated track record of managing and guiding teams to success.
  • Financial & Regulatory Experience: Prior experience in Banking, Trust Companies, Financial Technology, and other regulated financial environments.
  • Experience with digital asset management systems and cold storage systems.
  • Familiarity with state trust company regulations or FFIEC guidelines is a plus.
  • Educational Background: Advanced certifications such as CISSP, CISM, or CISA are highly desirable but not required.
  • An understanding of the unique cybersecurity threats and challenges facing Digital Custodians is a plus.
  • Provide ongoing Security and Compliance consultation of business operations and incident management.
  • Support internal information security training development as well as managing engagement of employees and officers taking external training required by regulators, if any.
  • This is a USA-based W-2 employment role.

Here's a bit about our culture

  • We’re a growing team: Fully distributed across the world, Slack and Huddles are huge here.
  • We’re very flat: Leadership is desired and encouraged; we hire people who care about and use the product they are working on.
  • We’re Bitcoiners: We find solutions that encourage Bitcoin principles. We are often involved in the Bitcoin community through writing, podcasts, conferences, open source projects, and time spent on Twitter to help educate the masses. We love Bitcoin, and it comes through in our daily chats, meetings, and actions.

Join us, become a Swan!
