VP, Cybersecurity & IT

OUR VISION

In the new and exciting world of the decentralized internet, otherwise known as Web3, it is an individual’s fundamental right to own and control their digital identity. To ensure that the individual is paramount in Web3, we are developing a suite of applications to enable everyone to safely engage, take part, and transact in the emerging, decentralized world of the internet. Our platform centers on Web3 Identity and leverages that identity to provide individuals with secure digital asset storage and recovery, access to decentralized finance, the ability to prove ownership of their creations, and gateways to digital interactions and experiences – all to empower and benefit every Web3 user.

We believe that the decentralized nature of Web3 creates an opportunity for everyone to challenge the digital status quo—to own and control their identity, data, finances, creations, and future. This is the chance to get it right – to rally a movement of individuals so Web3 belongs to everyone, not to trillion-dollar companies. To fulfill this vision, we are seeking dynamic people who want to join us in leading the way to this new world.

WHAT YOU WILL DO

As the VP, Cybersecurity and IT, you are responsible for creating and managing a global, enterprise-wide security program to ensure that our information assets are protected from all foreseeable threats. Reporting directly to the Chief Operating Officer, you will create and implement the security strategy, policies, and operating frameworks required for application, infrastructure, compliance, and all product offerings. You will lead, build, and manage a talented security and IT team, foster our security vision, develop the roadmap to achieve it, and mentor the team to deliver on the strategy.

Your role fills a visible, strategic, and high-impact leadership position within the organization, you have excellent domain knowledge and skills that leverage the capabilities of peers, business partners, associates, and clients. You instill the duty to protect our systems and the data of customers, employees, investors, and partners. As such, you will engender control, trust, accountability, transparency, and urgency to execute their responsibilities.

You have a mastery of corporate security (vulnerability, data loss prevention, zero trust networks, etc.), operational security (high availability cloud platform at significant scale), product security, and regulatory frameworks (ISO, SOC, and bank regulatory).

Essential functions include, but are not limited to:

• Defining and executing both vision and strategy for the entire company’s security risk management program to include organizational security, information technology, application security, and compliance, leveraging a combination of leadership and influencing skills to foster support for security business initiatives.
• Responsible for the design, implementation and operational support of organizational information technology systems, software applications, and infrastructure.
• Serving as the primary point of contact for audits concerning source code and technology infrastructure.
• Managing security threats, and helping the business understand the potential security implications of ongoing projects.
• Ensuring global engineering and development teams are empowered with the educational resources and tools needed to incorporate security into development practices and automated build and deployment processes.
• Serving as a cybersecurity risk and subject matter expert for senior management on emerging threats, attacks, vulnerabilities, and security concerns.
• Overseeing the planning and execution of necessary vulnerability audits, penetration testing, or forensic IT audits and investigations.
• Collaborating on the integration of new IT Systems Development with the overall IT, data, and information security policies.
• Communicating security policies and procedures to all personnel and monitoring compliance.
• Improving security processes to ensure our systems are monitored for security alerts, anomalies are tracked, and procedures are followed when alerts are triggered.
• Ensuring the protection of information across the enterprise, including the Legal, IT, Engineering, Product Management, and Finance teams.
• Supporting the Legal and Compliance departments regarding privacy laws and regulations, including GDPR, CCPA, and other state and federal laws implicating information security such as the NYDFS Cybersecurity Regulation.
• Managing your team and vendors involved in IT security, including hiring, and developing a talent pipeline and providing training and mentoring to security team members.
• Ensuring compliance with global data privacy, use, and sharing legislation.
• Developing threat models and engage in ongoing development discussions on secure architecture.
• Managing and coordinating security incident response.
• Adhering to industry best practice coding standards and verify all code developed is free from bugs and security vulnerabilities such as those defined and published by OWASP.

WHAT YOU WILL NEED TO SUCCEED

To ensure success, you must have a passion for security and be detail oriented. You are a diligent worker who is equally technical and business oriented. You are knowledgeable in taking a risk-based approach to prioritize security efforts. You can lead and motivate cross-functional teams while thriving in a fast-paced, growing company. You have a record of successfully and directly managing budgets for information security teams. You have strong verbal and written communication skills, ideally with authoring policy. You have experience in blockchain technology.

YOUR EDUCATION AND EXPERIENCE

This position requires 12 years of experience leading security and IT teams focused on all aspects of cybersecurity, including identity management, security engineering, software security, GRC, and security operations. Three years in a senior leadership role at a global business, including financial services and blockchain technology experience. Five years of experience in securing systems running on public cloud infrastructures. You possess professional certifications CISSP, CISM, CCP, CIPP, CASP+, CCSP and/or other designations. This position also requires you to have a deep understanding of best practices relating to Information Security and Risk Management, including standards such as ISO/IEC 27001, ISO 22237, SOC2/SOC3, Cyber Essentials, and CCSS (Cryptocurrency Security Standard).

Blockchains, Inc. (“Blockchains”) is proud to be a diverse workforce, and we are committed to inclusion and diversity to ensure equal opportunity for all applicants. Blockchains provides equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, marital status, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local laws.

When you apply to a job on this site, the personal data contained in your application will be collected by Blockchains, Inc. (“Controller”), which is located at 610 Waltham Way, Sparks, NV 89437 and can be contacted by emailing privacy@blockchains.com. Controller’s data protection officer is Karla Pinckes, who can be contacted at privacy@blockchains.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at privacy@blockchains.com. 
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment.  Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.