Zodia Custody
Information Security Risk Specialist
Luxembourg, 14 hours ago
Full-time, Information Technology
The Information Security Risk Specialist reports to the Chief Security Officer of Zodia Custody, who is accountable for Information & Cyber Security. As Zodia's core mission is to provide safe custody of digital assets, this role is critical for ensuring that appropriate security countermeasures and operational capabilities have been implemented to respond to the evolving threat landscape of cyber-attacks.

Key Purpose

  • Maintain strong stakeholder engagement and serve as a point of contact for ICS-related matters;
  • Help to drive ICS requirements of Zodia and its clients into enhancements to Zodia products or ICS related initiatives;
  • Engage external agencies / third parties to understand the threat environment and reported events; assess impact to Zodia;
  • Engage with ICS stakeholders and external clients to demonstrate how ICS controls are being embedded into Zodia.

Key Responsibilities

  • Continually improve Zodia's product and platform security by embedding security and resilience from the start and by default;
  • Partner with various Zodia teams to continually drive down ICS risks, within risk appetite;
  • Contribute to the operational delivery of controls, specifically for threat intelligence & modelling, application security, identity & access and security incident management
  • Manage ICS industry certification and audit activities for ISO 27001:2022 and SOC 1 & 2
  • Oversee and play a core role in lifecycle management of keys, covering generation, use and decommissioning of keys
  • Review regulatory obligations for ICS requirements across Zodia's jurisdiction footprint & drive implementation into technology (e.g. SG/MAS, EU/CSSF & DORA, AU/ASIC, UAE/ADGM, HK/HKMA etc). Take responsibility for effective implementation and coordinate with risk, compliance and technology teams to ensure effective oversight
  • Contribute ICT related information for regulatory reporting managed by the Compliance team
  • Drive security culture/awareness and help improve readiness for a cyber event;
  • Contribute to the enhancement of ICS policy, standards and DOIs
  • Support the planning and implementation of Business Continuity Management within the organization
  • Provide technical expertise and knowledge for monitoring the outsourced ICT service provider
  • Work with the stakeholders and other functions to validate the resilience of data and systems against Cyber threats
  • Collaborate with colleagues on client acquisition, improving the efficiency of due diligence processes and client pitches

Requirements

Experience Required

  • Demonstrable knowledge in Crypto Asset security, specifically around key management, custody & smart contracts
  • Experience in information security domains such as threat intelligence & modelling, identity & access, incident and investigation management
  • Strong technical and hands-on experience in application security, including management of assurance activities such as pen-testing and bug bounty programmes
  • Experience working with Development and Engineering functions to improve security features and outcomes in applications
  • Experience managing an industry security framework such as ISO 27001 and SOC

Type of person

  • Ability to work with, and influence outcomes across, cross-functional teams and colleagues
  • Familiar with, and able to thrive in, a fast-paced environment with constant change
  • Enjoys hands-on execution of tasks with a "get things done" mindset
  • Able to manage both global and local role requirements and demands

Benefits

We are a friendly team, with monthly socials and seasonal celebrations as well as offering a range of fantastic benefits including:

  • 30 days annual leave
  • Pension contribution
  • Annual training allowance
  • Flexible national holidays (can choose whether to work on national holidays and use the leave elsewhere in the year)
