Chief Information Security Officer

Barcelona, Catalonia, Spain

Kantox

Kantox is the global leader in Currency Management Automation. We help businesses optimise their entire FX workflow while removing currency and operational risks.


At Kantox we are looking for a ‘tactical’ CISO to drive the security, resilience and IT Risk agenda. As a new dedicated role, the CISO will be a trusted advisor to the business and senior management, and a partner of BNP Paribas CIB.

IT Risk, Cybersecurity and cyber resilience are constantly evolving and are under increased scrutiny by the bank’s management. You will significantly contribute to Kantox management's ambition to ensure more effective IT risk management in the context of material evolution and increased threat.

The Kantox Engineering Manifesto

Kantox is a team sport. Our engineering culture is devoid of egos, yet we take great pride in our work. We believe in constructively challenging each other, pushing our knowledge, code and processes to the absolute limit.

Our processes are based around continual self improvement, continuous code integration and deployment.

Your mission within Kantox

The Kantox CISO will be in charge of maintaining the ISO 27001-certified ISMS, evolving the systems and driving forward the maturity of the Kantox security posture.

You will be in charge of determining the cyber security programme and operating model in conjunction with the CTO, business and board of directors, with the support of BNPP Corporate and Institutional Banking.



Security & Operational Resilience

  • Operate and evolve the ISMS in alignment with ISO 27001 and other information security requirements
  • Grow and develop security programmes focusing on:
    • Vulnerability Management
    • Application Security
    • Data Protection & Technical Security
    • Security Architecture
    • Cloud Security
    • Incident Management & Monitoring
    • Threat Intelligence & Horizon Scanning
    • Identity & Access Management (incl. Privileged access)
  • Perform cybersecurity assessments as required by policies or regulations
  • Ensure appropriate awareness for Cybersecurity and Resilience
  • Contribute to operational resilience (DORA)

Governance

  • Develop and operate governance mechanisms aligned to risk and scale of an SME
  • Align to relevant Group practices and processes (with support of BNP Paribas CISO Global Markets)

Who you are

  • Excellent understanding of IT Risk management concepts and their implementation (not limited to IT Security)
  • Strong technical skills, required to understand vulnerabilities in detail and how to resolve/mitigate them, and therefore to be able to assess the effectiveness of measures and residual risk
  • Excellent knowledge of IT best practices, from development to production and security
  • Familiarity with security risk standards, such as ISO 31000/27001/27005
  • Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations. Target audiences will include regulatory authorities, internal/external auditors and senior business stakeholders
  • Awareness of key FFIEC and NIST standards related to IT security or IT Risk (NIST Cyber is a must)
  • Rigorous and reliable in his/her findings, the candidate must be able to provide high quality findings and risk analysis without relying excessively on second opinion.
  • The candidate will be a forward thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus.
  • Highly skilled and able to demonstrate value to the security and risk communities at a practical level, working alongside analysts, security, application and business staff on a collaborative basis
  • The ability to manage independent responsibilities and projects while working closely with the security, IT and business communities; the candidate must be well organised, self-motivating and a good communicator
  • A pragmatist with the strength of character to lead divergent interests to common ground and the best outcome 
  • Able to communicate effectively across a wide range of seniorities from entry level developer to senior management.
  • Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals
  • English fluency is a must

Preferred:

  • Any experience with operating systems with a heavy public cloud footprint
  • Previous experience in financial services and/or another regulated environment is highly beneficial and will enable the successful candidate to make progress quickly.
  • Any experience in the currencies or payment space.
  • Exposure to NIST SP 800-30, ISACA IT Risk framework or equivalent
  • Familiarity with product adoption life cycles, with an understanding of the different methods by which technologies, products and approaches can be introduced to an enterprise and the merits of each

Our culture

  • An environment of innovation, accountability, and constructive feedback
  • A diverse and multicultural team of over 40 different nationalities
  • Grow your role and build your career with our learning and development opportunities. 
  • A collaborative and inclusive culture of sharing and teamwork. Build connections for life.
  • Hybrid working and flexible hours so you can work when and where you feel best
  • Some testimonials: “The culture and the people at Kantox make me want to recommend Kantox as a place to work. There is a good balance between learning and growing and support from fellow team members. I feel like the people are very welcoming and make Kantox an easy place to feel at home.”

What we offer:

  • Competitive salary
  • Sponsored learning budget
  • Free private health insurance
  • Free Spanish, English and French lessons
  • Relocation package if needed
  • Flexible working hours with an intensive Friday schedule
  • Hybrid work model
  • 31 days of annual vacations
  • Gym discounts and free sport activities
  • Restaurant Ticket with monthly credit and regular cross-team lunches
  • Fresh fruit and unlimited coffee
  • Beautiful office with incredible 360-degree views of Barcelona



About Kantox

Kantox is a leading fintech company developing sophisticated Currency Management Automation software solutions that help companies to automate their foreign exchange processes and leverage currencies for growth.

We are a 195-person strong team, split between London and Barcelona. So far, we’ve raised over €30 million and became profitable in 2018. Thanks to our clients, we continue to grow at a fast pace. Clients in 75 countries have already exchanged more than USD $18 billion with us!

As of July 2023, Kantox is a BNP Paribas company. Kantox will continue to operate as an independent company, now with the experience and market power of BNP Paribas behind it.


Our Commitment to Diversity, Equity & Inclusion

Kantox is deeply committed to diversity, equity and inclusion both in our hiring practices and in our experiences as a Kantox employee.

We’re proud to be an equal opportunity employer, and encourage all applicants regardless of race, religion, or belief (if any), color, nationality, ethnic or national origin, gender, gender identity, pregnancy and maternity, sexual orientation, age, marital and civil partnership status, or disability status.


Tags: Application security Automation Banking CISO Cloud FFIEC FinTech Governance ISACA ISMS ISO 27001 Monitoring NIST Risk analysis Risk management Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Career development Competitive pay Equity Flex hours Health care Insurance Relocation support Snacks / Drinks Startup environment

Region: Europe
Country: Spain
