Chief Information Security Officer

???? **Privacy Notice**

**Chief Information Security Officer (CISO)**

San Francisco, US remote / Information Security / Full-time Since 2016, Metal has been at the forefront of delivering technology that will drive the next generation of financial services. We brought , and the Proton Chain blockchain to market, have over 300,000 global users and are growing rapidly. We are deeply involved in the discussion for bringing meaningful regulation and guidelines for next generation crypto, digital banking and payment solutions regardless of geographic location. Metal is searching for a Chief Information Security Officer (CISO) with a unique background and experience to oversee, maintain and execute all information security and data protection initiatives in the firm - including its current apps: and and its proposed First Blockchain Bank & Trust. The CISO works very closely with senior department heads and managers from the various organizational disciplines including operations, engineering, products, compliance, and audit. The position requires a deep understanding for identifying and assessing inherent risks across the enterprise and instituting appropriate mitigation strategies including those related to cyber-threats.

At Metal, we are shaping digital money and revolutionizing the way people transact by building the decentralized financial infrastructure of the future. To date, we have launched and operate Metal Pay (digital banking and crypto wallet) and Proton SDK a distributed ledger for identity and interaction with the card and banking payments settlement layer.

Metal, through its Metal Pay app, created an all-in-one mobile application that could process both USD and digital asset purchases and transfers. The innovative product was the first of its kind to combine traditional bank accounts and cryptocurrency wallets into a single application. Metal is licensed as a money transmitter in multiple states across the US.

In 2020, Metal launched Proton Chain, a blockchain and ecosystem designed to facilitate banking and payments on-chain. Features such as identity on-chain, human readable names, and no transaction fees, make Proton Chain an ideal platform for the next generation of banking and FinTech applications.

In 2021 Metal built many applications on top of Proton Chain, including the flagship signing tool . We expect 2022 to be a pivotal year for Metal as we seek regulatory approval to become a fully licensed bank.

If you seek opportunity, challenge, and demonstrate a creative passion for decentralized finance, transformational digital banking services and virtual currencies we encourage you to speak with us.

**The Opportunity**

Experienced candidates will personally implement robust information security practices, establish a framework for best practices and continuous improvement and possess a deep understanding of regulatory expectations.

The position requires risk management experience and critical thinking skills for establishing and maintaining sound governance principles. A hands-on approach is required, and the individual should understand privacy regulations within the data and information security environments. Experience in developing the overarching policies and procedure source documents and building out a real-time infosec enterprise security dashboard will be required. The role requires leadership and management experience for delivering presentations to corporate executive leaders, regulatory agencies, and corporate board committees.

The role is highly visible and provides for an exciting opportunity within a rapidly changing transformational industry. **Responsibilities:**

+ Develop, implement, and monitor a strategic, comprehensive enterprise and application IT cybersecurity program. Drive security standards across the organization, including information security policies and guidelines

+ Originate and improve upon all related policies and procedures

+ In charge responsibilities for related audits, regulatory examinations and inquires and related RFP and RFI responses

+ Analyze and test systems and processes to understand vulnerabilities to cyber threats Set project security standards and ensures compliance throughout development

+ Continuously and measurably improve our technology and data security

+ Provide strategic and tactical vision, along with execution focused on incident prevention, detection, and response

+ Conduct related risk-assessments and define/measure mitigation efforts that result in measurable residual risk standards

+ Identify, track, and communicate detailed metrics indicating overall security risk factors to the Board of Directors, Senior Leadership, and other executives regularly

+ Work with team members and developers on the design and development of threat deterrence and defense technologies and risk mitigation infrastructure

+ Conduct research to understand emerging threats and develop innovative risk management approaches, tools, and analytics to better manage risk

+ Coordinate with executive leadership annual third-party security risk assessments

+ Lead the annual internal risk assessment. Document its findings and develop recommendations to address deficiencies

+ Participate and represent the company within related professional associations and industry events

**Qualifications:**

+ 10+ years of information technology experience

+ 5+ years of work experience in a cyber security, information security or data risk management capacity in a bank

+ Knowledge of blockchain security protocols and identity verification forensics for blockchain and digital wallets

+ Subject matter expertise for the creation and security of identity and access management

+ Knowledge of Terraform in GitLab codebase to make updates to AWS IAM and ability to create scripts that use Okta and Google Groups APIs

+ Proven ability to write and execute penetration tests using credible and certified testing tools

+ Knowledge and protocol for secrets management programs

+ Knowledge and expertise for CICD Pipeline Security, including the evaluation of current state systems with deployment of security scanners such as SonarCube and ChackMarx

+ Experience developing and managing information security and/or data privacy programs and a proven track record of implementing organization-wide solutions that protect information assets

+ Knowledge of relevant legal and regulatory requirements related to data and information security in the financial services sector

+ A solid understanding of information security and data privacy concepts, threats, and technologies, including industry standards and best practices

+ Knowledge and experience working with Python, JSON, Hashicorp, React, GitLab/Terraform, C++ and numerous other coding and software languages and tools

+ The ability to manage multiple tasks independently and deadlines in a fast-paced environment

+ Ability to proactively seek new ideas and solutions to improve traditional financial service products and services with transformation to digital solutions

+ Ability to create a threat assessment matrix and design robust mitigation strategies

+ Ability to manage SOC 2 certification efforts and similar engagements with outside vendors

+ A commitment to the highest ethical standards and to act with professionalism and integrity

+ Experience or knowledge of financial services/banking FFIEC risk assessments and NIST, SIGS or related frameworks for internal controls

+ Relevant professional certification (CISM, CISSP, Security+, etc.)