About us

Aquanow is a trading and technology company powering the next generation of financial services. We’re at the forefront of the rapidly evolving digital asset space, empowering businesses to navigate the complexities of cryptocurrencies and blockchain technologies. As a leading provider of infrastructure solutions, we offer innovative services in cryptocurrency trading, liquidity management, and secure digital asset storage. Our platform is built to deliver seamless, scalable, and reliable solutions that cater to the needs of institutional clients and businesses seeking to unlock the potential of digital finance. Aquanow is committed to driving growth and shaping the future of the digital economy by offering unparalleled opportunities for innovation and advancement in the world of digital assets.

With rapid global expansion, we have established offices in Vancouver, Toronto, Dubai, Malaysia, Turkey, Estonia, and beyond. Our international customer base includes some of the world’s fastest-growing fintech companies and leading financial institutions.

Your Contribution to Our Growth

We are hiring a Cybersecurity Specialist to support and strengthen Aquanow’s technology risk management and operational resilience programs. You’ll help ensure that our Information and Communications Technology (ICT) systems, processes, and controls meet the Digital Operational Resilience Act (DORA) requirements — maintaining high levels of cybersecurity, business continuity, and compliance.

This role will work closely with our Group Technology Security team and collaborate across IT, engineering, and compliance departments globally. You’ll play an essential role in developing, implementing, and continuously improving Aquanow’s cybersecurity posture across people, processes, and technology.

This is a Full-Time, Permanent position based in Tallinn, Estonia, with a hybrid work model.

What You’ll Do

1. Risk Management

• Identify, assess, and monitor ICT risks in alignment with DORA’s ICT Risk Management Framework.
• Maintain an up-to-date risk register and implement appropriate mitigation measures.
• Support the development, testing, and improvement of business continuity and disaster recovery plans.
• Participate in periodic risk assessments and contribute to continuous DORA compliance.

2. Information Security Controls

• Support the identification, implementation, and maintenance of security measures aligned with DORA, ISO 27001, and NIST.
• Work closely with the global security team to monitor network, system, and application security for unauthorized access or data breaches.

3. Incident Management & Reporting

• Contribute to continuous improvement of incident management processes to meet DORA standards.
• Manage procedures for documenting and reporting ICT incidents to relevant authorities within required timelines.
• Conduct post-incident reviews and implement corrective and preventive measures.

4. Digital Operational Resilience Testing

• Plan, execute, and document resilience tests, including penetration testing, red-team exercises, and scenario-based testing.
• Collaborate with internal and external testing partners to validate ICT controls and ensure operational robustness.

5. Third-Party ICT Risk Oversight

• Assess, onboard, and monitor ICT service providers to ensure security and operational integrity.
• Verify that service contracts and SLAs comply with DORA’s third-party risk management standards.
• Support due diligence, concentration risk assessments, and exit strategy planning for critical vendors.

6. Governance and Compliance

• Support senior management in maintaining DORA compliance and regulatory readiness.
• Contribute to internal audits, self-assessments, and cybersecurity policy updates.
• Track and document regulatory updates, ensuring alignment with DORA, NIS2, GDPR, and related frameworks.

7. Continuous Monitoring & Improvement

• Implement monitoring tools and dashboards to track cybersecurity posture and resilience metrics.
• Analyze threat intelligence and system logs to identify anomalies and emerging risks.
• Recommend improvements to strengthen controls, governance, and security frameworks.
• Collaborate with technical teams to apply best practices for securing blockchain-based and payment infrastructures.

We’d Love to See

• 5-8+ years of experience in cybersecurity or ICT risk management, ideally within fintech, banking, or payments.
• Strong understanding of cybersecurity frameworks (NIST, SOC 2, ISO 27001, CIS).
• Hands-on experience with cloud security (AWS) and third-party risk management.
• Knowledge of CI/CD security, vulnerability management, SIEM tools, and incident response.
• Familiarity with IAM, zero-trust architecture, and encryption techniques.
• Understanding of blockchain security and digital asset risks.
• CISM, CISA, or CISSP certifications are preferred.
• Experience supporting internal and external IT audits and certification processes is an asset.
• Fluency in English (spoken and written) — Estonian is considered a bonus

These are not strict requirements to thrive in this role. We believe that people can learn and understand technologies if they are willing. We encourage you to still apply if some of the requirements are missing or lacking.

At our offices you will find a group of people that embrace diversity and value performance over pedigree. Every day we draw value from the diverse experiences of our team whose backgrounds include top financial institutions, tech companies and untraditional backgrounds. Our success comes from identifying exceptional people and providing them with the platform to reach their true potential.

Aquanow is an Equal Opportunity Employer. We are committed to providing equal employment opportunity to all qualified persons without regard to race, color, creed, religion, sex, age, national origin, citizenship status, disability, qualified veteran status, marital status, sexual orientation, gender identity or any other unlawful criterion or circumstance.