CHIEF INFORMATION SECURITY OFFICER

Keep abreast of the latest developments in crypto, DeFi and blockchain to feed the company’s strategic orientations. Paid vacation: >5 weeks off / year....

JOB DESCRIPTION

As Chief Information Security Officer, you will be leading the security architecture & governance on multiple fronts.

You will contribute to the execution of one of the most ambitious tech projects in Europe right now: building a security standard for a trillion-dollar crypto finance industry.

You will join an amazing team of leaders (Chief Technology Officer, Chief Science Officer, Cryptographers, Engineers, etc.), in a highly challenging and collaborative environment.

Mission

Your primary goal will be to take the company and its services through the entire life cycle of ISO-&-SOC-type certifications while also designing a tailored security environment for our industry-specific constraints. Concretely, Xkey is a remote startup building a cloud-native SaaS that offers to protect assets worth billions of dollars.

Your primary metric will be Time to Certification.

Concretely, here are the projects & tasks to expect:

  • Share the big picture to your team, define the levels of priority within the strategic roadmap, and be accountable for the deadlines and the quality of the deliverables.
  • Act as a powerhouse of ideas on all security issues (risk assessment, best practices, architecture, tools, etc.).
  • Embed best-in-class Information Security processes within the service architecture and the internal workflows.
  • Ensure end-to-end implementation & adoption of the applicable security measures, and define the success metrics to follow.
  • Work with executive, board, and engineering team to have a high-and-low-level, in-depth understanding of the product and its risk vectors.
  • Work closely with the Head of Legal and the compliance team in charge of crunching our legal requirements to translate the product evolutions into features that take into account jurisdictional constraints and regulatory frameworks from the scratch.
  • Prepare the company and its services to apply for ISO 27001, SOC Type II, and others certifications of that level.
  • Make the product certification-friendly for custodians (PSAN and AMF for France, FSA for UK, BaFin for Germany, etc.).
  • Deliver Threat Analysis, Risk Assessment, Business Continuity, Crisis Management, Disaster Recovery Plans, and all additional documents that will contribute to the security due diligence and the safety of the company.
  • Organize white hack sessions, bug bounties and prepare research team for external security & cryptology audits.
  • Facilitate cross-branch communication and know-how exchange between team members on all things security.
  • Implement technical best practices and new ideas to encourage innovation within your team.
  • Hire white hackers, security engineers, cyber experts, PhDs, and consultants required to create a world class security team able to protect the product and the company like no other team on the market.
  • Educate and foster a security-first culture across the company to enforce a zero weak link policy and enable everyone to be proactive.
  • Occasionally participate in client meetings to help them better benchmark our solution against market alternatives.
  • Be part of weekly meetings to discuss strategy with the CEO and other team leaders.
  • Keep abreast of the latest developments in crypto, DeFi and blockchain to feed the company’s strategic orientations.

Terms

  • Role: CISO
  • Salary: €100-150K / year (+ competitive YoY increase)
  • Equity: 0.1-3.0% ( €1-30M in 2-4 years, dilution included)
  • Location: Work from home 100% remote, in London, or Paris HQ.
  • Paid vacation: >5 weeks off / year
  • Employee benefits: transportation, hardware budget, training budget, perks, events, insurance, meals, office space…

PREFERRED EXPERIENCE

Requirements

  • 10+ years of experience with Information Security as CISO and/or similar management positions
  • Experience from national or international military / cyber defense body
  • Extensive understanding of all things InfoSec, blue/red team drills, reverse engineering, forensics, etc.
  • Have already successfully filed and obtained ISO, EIC, SOC, NIST or other similar certifications
  • Have already done Threat Analysis, Risk Assessment, Business Continuity, Crisis Management, Disaster Recovery Plans, etc.
  • Experience delivering secure and lovable products.
  • Founding-spirited with grit & guts to pursue complex worldwide ambitions.
  • Self-starting, result-and-solution-oriented entrepreneur.
  • Problem-solving competences in respect to other stakeholders.
  • Humble, respectful, and very professional to others.
  • Able to decide even in stressful, unstable situations.
  • Appetite for Cybersecurity, Blockchain, Distributed & Decentralised Software, and Financial Services.
  • Fluent English language skills (written/spoken).
  • (Bonus) Ideally with engineering, or physical security background

RECRUITMENT PROCESS

  • 30mn screening interview with Christopher
  • 60mn focus interview with Christopher and David
  • 60mn last interview with Clarisse, Christopher and David

ADDITIONAL INFORMATION

  • Contract Type: Full-Time
  • Start Date: 10 May 2021
  • Location: Paris, France (75013)
  • Experience: > 10 years
  • Possible full remote
  • Salary: between 100000€ and 150000€ / year