Head of Custody Security
Responsibilities
* Conduct, design, and implement testing of security controls covering identity management, key management, and infrastructure (network and cloud) configurations.
* Support client assurance activities, including responding to Requests for Proposals (RFPs), Requests for Information (RFIs), and Due Diligence Questionnaires (DDQs).
* Identify and analyze trends in client inquiries and provide feedback to internal teams to improve documentation and control readiness.
* Perform security due diligence and ongoing monitoring for Web3/blockchain vendors, including assessing their control maturity, reviewing SOC reports and security documentation, and identifying residual risks.
* Facilitate external audit activities, including coordination of walkthroughs, evidence collection, and response tracking.
* Identify and analyze gaps in current and new processes, then develop and track remediation recommendations to completion (e.g., onboarding flow).
* Develop and maintain understanding of applicable financial regulatory security requirements and ensure alignment of controls.
* Research and share information security best practices, emerging threats, and mitigation strategies with internal teams.
* Evaluate and propose next-generation security tools, automation, and technologies to enhance overall security posture.
* Review blockchain network or protocol upgrades for their potential security impact on the platform.
Requirements
* At least 8 years of relevant experience in security assurance, audit, compliance, or cloud security engineering.
* Demonstrated experience testing and validating security controls across IAM, key management, and network/cloud environments.
* Strong understanding of Identity and Access Management (IAM) principles.
* Knowledge of cryptographic key management, HSMs, and KMS systems.
* Solid grasp of cloud and network security architecture and configuration.
* Proven experience supporting SOC 1, SOC 2, ISO 27001, PCI DSS, or similar external audits and assessments.
* Exposure to major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code.
* Experience in preparing client assurance materials, RFP/RFI/DDQ responses, and evidence documentation.
* Familiarity with blockchain platforms or digital asset custody systems is advantageous.
* Can work independently and under pressure.
* Excellent verbal and written communication skills
* Pragmatic and solution-oriented approach, ability to balance security requirements with operational feasibility and business needs.
PIc36cca8e23ca-30511-38832697