Chief Information Security Officer

Finoa

DE and PT

Job Description

Your mission

We are a leading blockchain asset custody platform, committed to providing secure and reliable services to our clients. We use state-of-the-art technology and offer our customers security at the highest level. To strengthen our team, we are looking for an experienced and motivated Chief Information Security Officer who wants to shape the future of the company with us.

In this role, you will:

  • Build a security framework and architecture as a strategy, and:

    • Develop and enforce Security Policies: Establish, implement, and enforce comprehensive security policies, procedures, standards, and guidelines

    • Target Measures Catalog and Control Framework: Define and maintain a robust control framework, documenting the scope and applicability of the information security management system

    • Policy and Process Management: Prepare, maintain, and enforce information security policies, manage the security process, and oversee IT service provider involvement

  • Provide ongoing research into threats, cyber security and technologies in order to adapt target measures accordingly

  • Metrics Reporting: Gather and report on established security compliance metrics to provide transparency and accountability

  • Management Communication: Inform the Management Board about Information Security Risks and ensure follow-through on mitigative actions

  • Firmly conduct audits internally and at external service providers, in close coordination with Risk Control and the DPO

  • Provide support during the year-end external audits

  • Evaluate reports from external service providers

  • Examine and report information security incidents to the Management Board, ensuring effective incident response and remediation

  • IS Compliance Education: Educate control owners on compliance workflows and processes, ensuring understanding and adherence to security standards.

  • Participate in complex projects and coordinate closely with the CTO

  • Conduct and ensure security training for the company and our team to keep security awareness high, promoting a security-conscious culture within the organization

  • Lead and develop our information security team of 3-4 employees to work closely with the tech units that have operational responsibility

  • Fully integrate with and report to Risk Control and Management

  • Support Operational Risk Management in Risk Controlling with the:

    • Identification and assessment of ICT risks

    • Development and implementation of risk mitigation strategies and measures

    • Carrying out IS risk analyses and assessments

    • Monitoring and reporting on ICT risks and their status

    • Supporting BCM with contingency plans and business continuity strategies

What you need to be successful:

  • Professional credentials through studies or other qualifications
  • At least 5 years of experience in information security, of which at least 2 years in a management position
  • Experience working in a regulated financial institution
  • In-depth knowledge of risk analysis and IT security architecture
  • Experience with regulatory requirements and in particular DORA and BAIT
  • Experience in KWG 44 audits is an advantage
  • Strong leadership and communication skills with a good dose of assertiveness
  • Excellent analytical skills, problem solving skills and the ability to communicate complex technical issues in an understandable way
  • Certifications such as CISSP, CISM or CISA are a plus
  • Very good knowledge of German and English (English is the company's main language of communication - German is the main language of the external auditors and regulators)

What’s in it for you:

  • Accelerate your career growth by joining one of Europe's leading cryptocurrency management platforms
  • 25 vacation days per year, with an additional day for each year of service - up to 30 days
  • Access to cutting-edge technologies, high levels of autonomy, and an international working environment
  • Flexible working hours, hybrid work setup from both our Berlin and Porto offices
  • Fitness membership
  • Hot/cold drinks and snacks in the office, and All Hands meetings once a month with pizza

Advice from our career coach

As someone who has worked in various industries at different levels, I can confidently say that a successful applicant for the Chief Information Security Officer role at a leading blockchain asset custody platform should possess a mix of technical expertise, leadership skills, and industry-specific knowledge. To stand out as an applicant, consider the following tips:

  • Highlight your experience in information security, especially in a regulated financial institute, showcasing your ability to navigate complex security landscapes.
  • Emphasize your leadership and communication skills, as the role involves managing a team and interacting with various stakeholders.
  • Showcase your certifications such as CISSP, CISM, or CISA to demonstrate your commitment to continuous learning and professional development.
  • Fluency in both German and English is essential, as English is the company's main language of communication while German is crucial for external auditors and regulators.
  • Highlight any experience with regulatory requirements such as DORA and BAIT, as well as KWG 44 audits, to demonstrate your understanding of compliance in the financial sector.
  • During the application process, be sure to articulate your ability to provide ongoing research into cyber threats and technologies, as well as your experience in developing and enforcing security policies and processes.

About the job

Jul 11, 2024


  1. DE Germany
  2. PT Portugal