We are looking for a passionate, driven security leader to join our team in a remote role. Reporting to the Chief Technology Officer, the Chief Information Security Officer will be responsible for leading security and technology initiatives to successful outcomes and ensuring the integrity, confidentiality, and availability of company information and systems.

Additionally, this leader will be responsible for overseeing the IT operations, managing the IT team, and establishing and maintaining best practices in information technology, asset management, while providing security and technology compliance advisory to other business units.

Responsibilities:

• Work closely with Chief Technology Officer, Chief Compliance Officer, Legal Counsel, and other executive leaders to develop and enhance the overall information security program, with a specific focus on engineering and architecture, threat management, identity and access management, vendor management, and regulatory compliance matters
• Own tactical execution of strategic direction and vision of the information security program
• Analyze business priorities and risk exposure to ensure protection of critical systems and data assets
• Develop and maintain security metrics and goals
• Draft information security program policies and procedures to ensure compliance with best practices and regulatory requirements
• Manage expectations of our leadership, customers, third-party partners and employees.
• Direct and oversee information governance activities, including SOC 2 audits, NYDFS Part 500 requirements, EU/DORA requirements, cybersecurity risk assessments, Penetration Tests, program enhancements, and other industry best-practices and regulatory expectations
• Lead information security-related committees and working groups
• Manage incident response program, including business continuity/disaster recovery. program and security incident preparedness
• Manage Endpoint Security
• Manage third-party risk assessments and other risk related audit deliverables
• Represent the company in discussions with auditors and regulators
• Manage security vendor / supplier relationships
• Manage a team of information technology and security professionals, hire and train new employees, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members
• Manage expenses and budgets for information security department; build and present credible business cases for security initiatives and investments or other IT related initiatives
• Lead training and awareness efforts across the organization and build a culture of compliance around information security and data privacy
• Continuously monitor trends to anticipate and plan for information security risks
• Provide positive and collaborative leadership to all departments (e.g., sales, engineering, product management, legal, compliance, finance, customer success)
• Other duties may be assigned as needed

Requirements:

• 8+ years of hands-on, technical security experience, with 4+ years in a role leading teams/programs
• Experience working with global, cross-functional teams
• Experience leading security compliance projects (e.g., SOC 2 audits, cybersecurity risk assessments, regulatory requirements)
• Working knowledge of effective systems architecture and implementations ( Cloud, Hybrid Cloud, DevOps, Open-Source)
• Working knowledge of secure AI use and best-practices
• Knowledge of security standards / frameworks (e.g., NYDFS Part 500, DORA, GDPR, NIST CSF, etc.)
• Practical knowledge of securing remote work environments
• Experience with tools and practices such as GPG key management and remote identity authentication
• Hands on Endpoint Security management (Mac OS)
• Knowledge of applicable laws and regulations (e.g., SOX, GLBA, etc.)
• Excellent oral and written communication skills
• Ability to thrive in a fast-paced, collaborative environment
• Strong organizational and time management skills, including demonstrated ability managing teams and establishing goals and priorities
• BS or MS in Computer Science, Computer Security, Computer Engineering, or other technology-related field
• This is a fully remote role within the United States, and candidates must be able to collaborate across multiple time zones

Preferred:

• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification
• Experience in the crypto industry or working at a fintech company with payments industry experience a plus
• Experience working at an audit and / or advisory services firm

What We Offer:

• Collaborate with a team of intelligent, enthusiastic individuals
• Thrive in a rapidly expanding crypto company with global reach, where your contributions make a tangible impact
• Work remotely with a generous vacation policy, including the opportunity to take a sabbatical and select your own holidays
• Access to continuous learning and development opportunities, supported by professional development reimbursement
• We offer 100% employer-paid medical and dental and a robust benefits package that includes telemedicine, life and disability insurance, vision coverage, 401(k), travel assistance, and more
• Option to receive payment in cryptocurrency, along with a crypto match program
• Stock option awards are available to all employees
• Home office allowance, reimbursement for internet/cell expenses, and complimentary Amazon Prime and Spotify subscriptions

IMPORTANT NOTICE: We are committed to a safe and secure hiring process. All roles and communications are shared only through our official channels and with employees of BitPay, and applications are posted via our official careers page. We will not message you via social media direct messages or websites not affiliated with BitPay to recruit or collect personal information. To protect yourself from fraud, please ensure that you are applying to BitPay through our official BitPay Career Page and take the following steps if you notice anything suspicious.

BitPay will never ask you to:

• Install remote-access tools (TeamViewer, AnyDesk, etc.)
• Share SSN or banking details before a formal, written offer from BitPay People Ops
• Interview via personal email domains, text, or messaging apps
• Pay fees, purchase equipment, or send money/crypto/gift cards for any reason

How to verify legitimate BitPay recruiting:

• Emails will come only from @bitpay.com (e.g., peopleops@bitpay.com or name@bitpay.com)
• Interviews are conducted via Google Meet links ending in meet.google.com
• Open roles are listed at bitpay.com/careers/

If you receive a suspicious message claiming to be BitPay:

• Do not click links or provide information
• Report as spam/phishing to your email provider
• Verify the role at www.bitpay.com/careers

BitPay is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.