Chief Information Security Officer (CISO)
About The Position
CEX.IO Europe is in the final stages of obtaining authorisation under the EU Markets in Crypto-Assets Regulation (MiCA) as a Crypto-Asset Service Provider (CASP) in Spain. As part of our regulatory readiness and local substance requirements, we are actively recruiting a Spain‑based Money Laundering Reporting Officer (MLRO). The CISO will be the primary local official responsible for ensuring the digital operational resilience of CEX.IO Europe S.L. in accordance with Regulation (EU) 2022/2554 (DORA). The CISO’s core mandate is to maintain an effective local capacity for decision-making, supervision, and questioning over all ICT functions delegated to the servicer company, part of the group. This includes the explicit authority to understand, supervise, question, approve, reject, or nullify any technical action, proposal, or recommendation from the Group service provider that impacts EU operations. The CISO is responsible for the independent management of technology and cyber risks within the Spanish jurisdiction, ensuring operational substance and digital resilience. The CISO acts as the principal technical liaison and accountable officer for the CNMV and Bank of Spain, on all cybersecurity, DORA compliance, and DLT-related supervisory matters.
Requirements
- University degree in Engineering, Computer Science, or Cybersecurity (ideally complemented by relevant certifications such as CISM or CISSP).
- Proven track record in building cybersecurity frameworks and complying with EU financial regulations (DORA, MiCA, PCI DSS)
- Technical Knowledge: Secure cloud architecture (specifically AWS environments)
- Vulnerability management and monitoring tools (Grafana, Kibana, SIEM)
- Cryptographic protocols and secure private key management
- Strong communication skills for interacting with regulators and the ability to lead global technical teams under a "hub and spoke" operational model
Responsibilities
- Lead the implementation and maintenance of the ICT risk management framework to meet CNMV and ESMA standards
- Supervise and control ICT services provided by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations
- Identify, assess, and mitigate technological risks. Conduct annual reviews of the Business Impact Analysis (BIA) and the ICT Risk Assessment
- Act as the ultimate authority for initiating the Incident Response Plan (IRP) for high and critical levels. Coordinate the notification of major incidents to the CNMV within mandated timelines (4h/72h/30 days)
- Supervise critical ICT third-party service providers, with a focus on monitoring and ensuring compliance with agreed SLAs, RPOs, and RTOs
- Oversee the security of crypto-asset custody solutions (Proprietary V2/V3 and external sub-custodians, like Coinbase). Ensure the integrity of MPC (Multi-Party Computation), HSM (Hardware Security Modules), and multisig signing processes.
- Supervise the Secure Software Development Life Cycle and validate security testing in pre-production (UAT) environments before deployment
- Approve and collaborate on operational resilience testing plans and specific tests regarding Distributed Ledger Technology (DLT)
- Maintain a unified and centralized inventory of CEX.IO systems and infrastructure
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
