Chief Information Security Officer
Barcelona, Catalonia, Spain
Kantox
Kantox is the global leader in Currency Management Automation. We help businesses optimise their entire FX workflow while removing currency and operational risks. At Kantox we are looking for a ‘tactical’ CISO to drive the security, resilience and IT Risk agenda. As a new dedicated role, the CISO will be a trusted advisor to the business, senior management and a partner of BNP Paribas CIB.
IT Risk, Cybersecurity and cyber resilience are constantly evolving and are under increased scrutiny by the bank’s management. You will significantly contribute to Kantox management's ambition to ensure more effective IT risk management in the context of material evolution and increased threat.
The Kantox Engineering Manifesto
Kantox is a team sport. Our engineering culture is devoid of egos, yet we take great pride in our work. We believe in constructively challenging each other, pushing our knowledge, code and processes to the absolute limit.
Our processes are based around continual self-improvement, continuous code integration and deployment.
Your mission within Kantox
The Kantox CISO will be in charge of maintaining the ISO 27001-certified ISMS, evolving the systems and driving forward the maturity of the Kantox security posture.
You will be in charge of determining the cyber security programme and operating model in conjunction with the CTO, business and board of directors, with the support of BNPP Corporate and Institutional Banking.
Security & Operational Resilience
- Operate and evolve the ISMS in alignment with ISO 27001 and other information security requirements
- Grow and develop security programmes focusing on:
  - Vulnerability Management
  - Application Security
  - Data Protection & Technical Security
  - Security Architecture
  - Cloud Security
  - Incident Management & Monitoring
  - Threat Intelligence & Horizon Scanning
  - Identity & Access Management (incl. Privileged access)
- Performing cybersecurity assessments as required by policies or regulations;
- Ensuring appropriate awareness for Cybersecurity and Resilience;
- Contributing to operational resilience (DORA)
Governance
- Develop and operate governance mechanisms aligned to risk and scale of an SME
- Align to relevant Group practices and processes (with support of BNP Paribas CISO Global Markets)
Who you are
- Excellent understanding of IT Risk management concepts and their implementation (not limited to IT Security)
- Strong technical skills, sufficient to understand vulnerabilities in detail and how to resolve or mitigate them, and therefore to assess the effectiveness of measures and the residual risk.
- Excellent knowledge of IT best practices, from development to production and security
- Familiarity with security risk standards, such as ISO 31000/27001/27005
- Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations. Target audiences will include regulatory authorities, internal/external auditors and senior business stakeholders
- Awareness of key FFIEC and NIST standards related to IT security or IT Risk (NIST Cyber is a must)
- Rigorous and reliable in his/her findings, the candidate must be able to provide high quality findings and risk analysis without relying excessively on second opinion.
- The candidate will be a forward thinking individual with the ability to look beyond immediate problems and issues, but with a solid practical delivery focus.
- Highly skilled and able to demonstrate value to the security and risk communities at a practical level, working alongside analysts, security, application and business staff on a collaborative basis
- The ability to manage independent responsibilities and projects while working closely with the security, IT and business communities; the candidate must be well organised, self-motivating and a good communicator
- A pragmatist with the strength of character to lead divergent interests to common ground and the best outcome
- Able to communicate effectively across a wide range of seniorities from entry level developer to senior management.
- Approachable and willing to share their expertise and experience in order to assist the development of teams and individuals
- English fluency is a must
Preferred:
- Any experience with operating systems with a heavy public cloud footprint
- Previous experience in financial services and/or another regulated environment is highly beneficial and will enable the successful candidate to make progress quickly.
- Any experience in the currencies or payment space.
- Exposure to NIST SP 800-30, ISACA IT Risk framework or equivalent
- Familiarity with product adoption life cycles, with an understanding of the different methods by which technologies, products and approaches can be introduced to an enterprise and the merits of each
Our culture
- An environment of innovation, accountability, and constructive feedback
- A diverse and multicultural team of over 40 different nationalities
- Grow your role and build your career with our learning and development opportunities.
- A collaborative and inclusive culture of sharing and teamwork. Build connections for life.
- Hybrid working and flexible hours so you can work when and where you feel best
- Some testimonials: “The culture and the people at Kantox make me want to recommend Kantox as a place to work. There is a good balance between learning and growing and support from fellow team members. I feel like the people are very welcoming and make Kantox an easy place to feel at home.”
What we offer:
- Competitive salary
- Sponsored learning budget
- Free private health insurance
- Free Spanish, English and French lessons
- Relocation package if needed
- Flexible working hours with an intensive Friday schedule
- Hybrid work model
- 31 days of annual vacation
- Gym discounts and free sport activities
- Restaurant Ticket with monthly credit and regular cross-team lunches
- Fresh fruit and unlimited coffee
- Beautiful office with incredible 360-degree views of Barcelona
About Kantox
Kantox is a leading fintech company developing sophisticated Currency Management Automation software solutions that help companies to automate their foreign exchange processes and leverage currencies for growth.
We are a 195-person strong team, split between London and Barcelona. So far, we’ve raised over €30 million and became profitable in 2018. Thanks to our clients, we continue to grow at a fast pace. Clients in 75 countries have already exchanged more than USD $18 billion with us!
As of July 2023, Kantox is a BNP Paribas company. Kantox will continue to operate as an independent company, now with the experience and market power of BNP Paribas behind it.
Our Commitment to Diversity, Equity & Inclusion
Kantox is deeply committed to diversity, equity and inclusion both in our hiring practices and in our experiences as a Kantox employee.
We’re proud to be an equal opportunity employer, and encourage all applicants regardless of race, religion, or belief (if any), color, nationality, ethnic or national origin, gender, gender identity, pregnancy and maternity, sexual orientation, age, marital and civil partnership status, or disability status.