**Role Purpose**
As the designated Security Lead and Crypto Safeguarding Officer for our European operations, you will be responsible for the digital operational resilience of our EU-licensed entity. You will ensure that our crypto-asset services comply with the Markets in Crypto-Assets (MiCA) regulation and the Digital Operational Resilience Act (DORA). You will also be responsible for the oversight and design of the crypto-asset safeguarding framework, ensuring that safeguarding arrangements meet regulatory expectations and internal standards. Where needed, you will also oversee the local IT environment to ensure it supports the entity's security, compliance, and operational needs. You will act as the primary point of contact for EU regulators regarding ICT risk and cybersecurity.
**Key Responsibilities**
1. Regulatory Compliance & Governance (DORA & MiCA)
- Establish and maintain the ICT Risk Management Framework as required by DORA.
- Develop and enforce local security policies that align with industry standards (e.g., NIST, ISO 27001) while ensuring consistency with the group's global security standards where appropriate, subject to the European entity's autonomous governance and decision-making authority.
- Report directly to the EU Board on security risks, providing the necessary oversight for the Board to fulfill its legal accountability under DORA.
2. Security Monitoring & Incident Response
- Participate in and leverage the 24/7 security operations (SOC) to ensure continuous visibility into EU-licensed infrastructure, detecting unauthorized access or system anomalies.
- Define and manage the ICT-related incident classification and reporting process.
- Lead the response to cybersecurity incidents within the EU entity and ensure timely notification to the local regulator within the mandatory DORA timelines.
- Oversee the integration of EU-specific systems into the central SIEM, ensuring that all logs required for DORA and MiCA audit trails are being captured and monitored effectively.
3. Digital Operational Resilience Testing
- Coordinate annual vulnerability assessments and network penetration tests.
- Manage Threat-Led Penetration Testing (TLPT) if required by the firm's size/complexity.
- Oversee the Business Continuity and Disaster Recovery (BCDR) plans for the EU entity.
4. Wallet & Key Security
- Coordinate with internal and external stakeholders on custody, wallet infrastructure (e.g., MPC, HSM), and operational controls to ensure client assets are safeguarded in line with MiCA requirements.
- Support due diligence and ongoing oversight of third-party custody and safeguarding-related service providers.
- Support due diligence and ongoing oversight of third-party custody providers, focusing on their backup mechanisms and their ability to fulfill recovery time objectives (RTOs) during a crisis.
- Design and oversee robust Key Recovery and Backup protocols (e.g., shard recovery, social recovery, or physical backups) to ensure no single point of failure and to satisfy MiCA's 'availability of assets' requirements.
5. Local IT Oversight
- Maintain a comprehensive ICT Asset Register for the EU entity, ensuring all critical software and hardware are mapped for regulatory reporting.
- Coordinate with the group's global IT team on IT service delivery, account provisioning, and technical support for EU-based staff, acting as the local point of contact for IT matters.
- Ensure that local IT arrangements, including vendor selection and cloud services, comply with DORA third-party and operational resilience requirements.
- Audit and review service level agreements (SLAs) with a focus on data exit strategies and security compliance.
6. Group Coordination
- Coordinate with the group's global ICT and infrastructure teams to ensure alignment on security standards, tooling, and threat intelligence, while maintaining the European entity's full autonomous governance and regulatory accountability.
**Required Qualifications & Skills**
Experience: Minimum 5 years in Information Security (or equivalent combination of professional experience and certifications), ideally within FinTech, Blockchain, or traditional Finance.
Certifications: Ideally hold CISM, CISSP, or CISA. Additional relevant security or risk certifications are a plus.
Regulatory Knowledge: Deep understanding of DORA and MiCA requirements. Familiarity with GDPR is essential.
Technical Knowledge: Understanding of Cold/Hot Wallet security, Multi-Party Computation (MPC), or smart contract auditing. Strong familiarity with IT infrastructure, cloud environments, and endpoint management is essential to provide effective oversight of the local IT landscape.
Crypto & Safeguarding Knowledge: Understanding of crypto-asset businesses, CASP operating models, and key risks relating to custody and safeguarding. Ability to translate regulatory and operational requirements into practical safeguarding frameworks and controls.
Language: English (Fluent), German (Ideally), Mandarin (Plus)