Director of Information Security
Location: Anywhere you want! Sufficient timezone crossover or willingness to shift hours to work with PST/PDT colleagues required, but we encourage qualified applicants from anywhere in the world to apply.
Language: English is the primary working language at Civic.
Reporting: The Director of Information Security will report to the Chief Operating Officer.
Position Overview: Civic is seeking a seasoned leader to drive our Information Security and Information Protection function. The Director of Information Security at Civic is both a technical AND leadership role. You will be working directly with the engineering team on the code of actual working cryptosystems. You must have direct, hands-on experience with fundamental cryptographic algorithms and how cryptosystems are built for privacy, integrity, or authentication/identity.
In this key technology leadership role at Civic, you will be responsible for establishing the company’s security strategy and direction. As such, you will have the opportunity to drive and implement the security strategy at the industry leader for digital identity in the cryptocurrency and blockchain space. Demonstrating your vision, domain expertise, and strong leadership skills, you will help shape the next generation of products and services while justifying the continued trust our clients and consumers have placed with us to ensure their private information is kept secure, while enabling regulatory compliance. The Director of Information Security is responsible for maintaining the data compliance framework, identifying major risk factors (product, compliance and operational) for the company, and providing technical leadership on both product security and operational security.
We are looking for relevant, collaborative leadership experience, proven execution ability, and deep technical information security experience as key indicators of success for this role. Working closely with the rest of our engineering teams, you will share responsibilities to ensure that Civic is able to continue to safely and securely ship highly scalable products as quickly as feasible. You will design and work across teams to implement programs to protect our customer and company information and secure our IT infrastructure. You will foster and preserve a balanced culture of security awareness by supporting and enabling risk analysis and strong security practices throughout the company. You will provide leadership in maintaining Civic’s security policies, standards, and practices for the entire company and ensure that Civic is in compliance with all applicable laws, regulations, and policies regarding the securing of information. You will drive implementation of security plans, including internal training, event monitoring, and incident response, and lead the operational processes for monitoring and maintaining policy compliance.
Functional Responsibilities: The day-to-day role of the Director of Information Security includes developing, defining, maintaining and revising company compliance policies, procedures and systems, as well as liaising with different compliance authorities where Civic operates or wishes to operate. Other responsibilities include:
- Develop and drive implementation of near- and long-term security strategy and goals in alignment with Civic’s business objectives and culture.
- Partner across Civic (and with external teams as needed) to ensure that security is designed into our products and processes from the early stages.
- Prepare and present accurate and timely information in response to audits and client inquiries; institute a proactive culture to align activities and measurement with internal policy and regulatory requirements.
- Oversee management of information security tools, contracts, documentation, standards, and processes to ensure an operating environment that is sound, sustainable, and compliant with company policies and requirements.
- Advocate for all company security-related issues, across Civic’s enterprise.
- Resolve security resource requirements including budget, staff, training needs, and prioritization. Work with senior stakeholders, where appropriate, to embed security expertise in other functions.
- Provide expert counsel and mentorship to senior leadership (including on occasion the board of directors) on security and its impact across business strategy, programs, products/services, and operations.
- Develop and drive security risk analysis, mitigation, and remediation plans. Plan for and lead security incident response and recovery efforts.
- Evolve Civic’s capability to monitor threats and vulnerabilities as well as detect, investigate, respond to, and recover from incidents.
- Own all documentation, process, and training surrounding Civic’s disaster recovery abilities.
Requirements: Civic is looking for people who are passionate about identity and their work, take full ownership, and believe in a transparent and collaborative culture with the goal of making Civic successful.
- 10+ years of enterprise information security or relevant technology experience.
- A breadth of hands-on and senior leadership experience in security, engineering, or IT management.
- Experience working with C-Level executives and other senior partners.
- Significant experience running an enterprise-wide technology security function, preferably in a broadly scaled fintech/digital asset related industry.
- Deep knowledge of blockchain technology and cryptography is essential.
- Experience leading engineering culture in an agile environment, with the ability and proven success to cultivate and grow that culture within and across existing teams.
- Proven strong leadership and management skills and the ability to secure results through others.
- Excellent communication skills, especially the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Ability to understand the business context and technology challenges, handle uncertainty, and apply appropriate security solutions in response to multiple risks and needs.
- Knowledge of relevant security and compliance frameworks, standards, and regulations (such as SOC2, NIST, COBIT, ISO270xx).