Coindesk Jobs in Stamford, United States

About TradeBlock

TradeBlock is a wholly owned subsidiary of Digital Currency Group, servicing financial firms with crypto currency trading technology, institutional-grade market data, as well as blockchain data and analytics. We are a technology company focused on building the foundation for the future of finance, using robust blockchain and cryptocurrency infrastructure.



About the Role:

The Director of Security & Compliance is responsible for developing, implementing, maintaining and managing complex programs that reduce operational risk and ensure the security of the company’s systems, including owning all aspects of information security programs and being accountable for the security and protection of all information entrusted to the company by its customers.

Responsibilities

• Incorporate industry security standards into practical security operations, network operations, and application development practices.
• Develop and enforce response procedures for security incidents.
• Manage internal and external audit requests and ensure any findings are addressed in a timely manner.
• Identify, document and monitor technical risks and vulnerabilities to ensure that the company develops and incorporates the appropriate procedures to mitigate them.
• Identify, document and monitor security incidents, working with internal stakeholders to ensure the appropriate controls are introduced to mitigate them.
• Develop, edit and maintain policy documentation related to cyber and physical security, application vulnerabilities, change management, data protection, incident handling, business continuity, risk management and incident response.
• Lead internal training and development efforts around all company policies related to cyber and physical security, application vulnerabilities, change management, data protection, incident handling, business continuity, risk management and incident response.
• Work with governance stakeholders to establish best practices for AWS, system permissions, single-sign-on, etc.
• Review software security architecture for internally-developed systems and system components outsourced to third parties.

Requirements

• CISSP or CISM
• Strong communication skills and a collaborative approach
• 5+ years of professional information security experience
• Experience with information security policy design
• Experience mapping standards such as ISO27001, NIST, SANS Critical Controls, SOC for cybersecurity, etc. into organizational controls.
• Experience with Linux and AWS.
• Excellent documentation skills.
• Knowledge of crypto currency, FX or capital markets preferred.