Head of Cybersecurity Audit

What You’ll Be Doing

• Lead and manage a global cybersecurity audit team, including driving the cybersecurity audit strategy and risk monitoring program.
• Drive the execution of global Information Security audit programs, ensuring comprehensive coverage and adherence to best practices.
• Oversee IT incident validations and provide critical support for group-wide IT certifications.
• Collaborate effectively with functional and regional portfolio leads to provide expert IT security controls testing support for integrated audits.
• Develop and implement advanced audit methodologies tailored to the unique complexities of blockchain technology, crypto exchanges, and decentralized systems.
• Provide strategic guidance and insights on emerging cybersecurity risks and controls in the cryptocurrency space to senior leadership.

What We Look For In You

• Prior Experience Leading Cybersecurity Audit Teams in the Crypto Exchange/Crypto Product Space is Essential.
• Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
• Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
• Data Analytics/SQL for Deep Security Analysis: Proficiency in querying and analyzing large volumes of security logs, blockchain transaction data, wallet addresses, vulnerability scan outputs, penetration test results, and threat intelligence feeds to identify sophisticated attack patterns, anomalies, and potential illicit activities unique to crypto.
• Security Auditing and Compliance: Deep understanding of common cybersecurity frameworks (e.g., NIST CSF, ISO 27001) applied within the unique risk context of a crypto exchange. Ability to assess compliance with emerging crypto-specific security standards and regulatory guidance.
• Vulnerability Assessment & Penetration Testing (VAPT) Interpretation & Oversight for Crypto Assets: Ability to plan, scope, interpret, and assess the remediation effectiveness of VAPTs specifically targeting blockchain infrastructure, smart contracts, exchange platforms, and wallet security.
• Incident Response & Forensics for Crypto Incidents: Expertise in incident response lifecycles and forensic investigation techniques specifically tailored for crypto incidents (e.g., fund misappropriation, smart contract exploits, private key compromises, denial-of-service on nodes).
• Network Security for High-Value Crypto Infrastructure: Advanced expertise in evaluating highly resilient and secure network architectures for crypto exchanges, including multi-layer defenses, DDoS mitigation for high-volume transactions, and secure connectivity to blockchain nodes and custodians.
• Cloud Security for Distributed Crypto Systems: In-depth understanding of cloud security principles and ability to audit complex cloud deployments hosting distributed ledger nodes, hot/cold wallet infrastructure, and high-performance trading engines across multiple cloud providers.
• Security Information and Event Management (SIEM) for Blockchain and Crypto Systems: Ability to assess the configuration, correlation rules, and alerting mechanisms of SIEM solutions specifically integrated with blockchain nodes, off-chain transaction systems, and crypto-specific logs to detect sophisticated threats.
• Understanding of Cyber Threat Landscape & Attack Vectors: In-depth knowledge of unique attack vectors targeting crypto exchanges (e.g., flash loan attacks, reentrancy attacks, oracle manipulation, phishing for private keys, supply chain attacks on blockchain software) and the specific techniques used by threat actors in this space.
• Risk Management Principles for Cybersecurity: Advanced grasp of cybersecurity risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
• Knowledge of Specific Regulatory Requirements: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs) and how these translate to technical controls.

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!