.Chief Information Security Officer - Porto Job Description: Your mission We are a leading blockchain asset custody platform, committed to providing secure and reliable services to our clients. To strengthen our team, we are looking for an experienced and motivated Chief Information Security Officer who wants to shape the future of the company with us. In this role, you will: Build a security framework and architecture as a strategy. Develop and enforce Security Policies: Establish, implement, and enforce comprehensive security policies, procedures, standards, and guidelines. Target Measures Catalog and Control Framework: Define and maintain a robust control framework, documenting the scope and applicability of the information security management system. Policy and Process Management: Prepare, maintain, and enforce information security policies, manage the security process, and oversee IT service provider involvement. Provide ongoing research into threats, cyber security, and technologies in order to adapt target measures accordingly. Metrics Reporting: Gather and report on established security compliance metrics to provide transparency and accountability. Management Communication: Inform the Management Board about Information Security Risks and ensure mitigative actions. Conduct audits internally and at external service providers in close coordination with Risk Control and DPO. Support during year-end external audits. Evaluate reports from external service providers. Examine and report information security incidents to the Management Board, ensuring effective incident response and remediation. IS Compliance Education: Educate control owners on compliance workflows and processes, ensuring understanding and adherence to security standards. Participate in complex projects and coordinate closely with the CTO. Conduct and ensure Security trainings for the company and our team to keep security awareness high, promoting a conscious culture within the organization. Lead and develop our information security team of 3-4 employees to work closely with the tech units that have operational responsibility. Fully integrate with and report to Risk Control and Management. Support Operational Risk Management in Risk Controlling. Identify and assess ICT risks. Develop and implement risk mitigation strategies and measures. Carry out IS risk analyses and assessments. Monitor and report on ICT risks and their status. Support BCM with contingency plans and business continuity strategies. What you need to be successful: Professional credentials through studies or other qualifications. At least 5 years of experience in information security, with at least 2 years in a management position. Experience working in a regulated financial institute. In-depth knowledge of risk analysis and IT security architecture. Experience with regulatory requirements, particularly DORA and BAIT. Experience in KWG 44 audits is an advantage
