Aave is looking to hire a Chief Information Security Officer (CISO) to join the team.
The Aave Companies (“Aave”) is focused on innovation in Web3 and has cultivated a thriving, collaborative culture. Valuing expertise and dedication, the Aave fam is welcoming, passionate, and eager to build great products. We celebrate differences and seek to recruit, develop, and retain the most talented people from a diverse candidate pool...and we are hiring!
As CISO, you will have a clear vision and strategy for Aave’s information and security operations. You will promote continuous improvement, innovation, and agility in service delivery, whilst collaborating with colleagues across the global business – including our regulated electronic money institution (“EMI”) in the UK.
As the CISO, you will be responsible for overseeing a wide range of technical and security controls and leading an ongoing program of improvement in response to changing security threats and risk.
The role requires a thorough understanding of the technology underpinning our systems, as well as broad and up-to-date knowledge of information security frameworks; applicable legislation and regulation (UK, EU, US); vulnerability management; incident management and response; secure development techniques; cyber security engineering and operations; and the management and governance of cyber risks and security.
Ideal candidate profile:
- Performed a similar role in a distributed (remote) and cloud-driven organisation.
- Established and led a progressive information security function including IT infrastructure, application development, and service delivery.
- Strong information and cyber security background along with relevant formal qualifications.
- Strategic and lateral thinker with exceptional leadership credentials and a sophisticated approach to stakeholder and supplier management.
- Proven experience in managing and delivering information and security improvements across a global organisation whilst managing budgets and resources.
- Experienced in leading, developing, and motivating a team of information and data subject matter experts.
Key responsibilities:
- Define, develop, and maintain an Information and Cyber Security Framework across Aave in line with relevant legislation, regulation, and industry standards as applicable.
- Define, build, and maintain the required culture, plans, policies, procedures, systems, controls, reporting mechanisms, and assurance framework.
- Ensure the efficacy of the IT service delivery lifecycle including Security Operations, Security Architecture, and Security Assurance.
- Provide leadership and oversight of effective information and cyber security risk management in conjunction with the Risk team.
- Provide advice and direction to the business in respect of information and cyber security practices and operational processes.
- Work with internal stakeholders to ensure that planned changes to technologies, working practices, and business activities are managed appropriately and within the accepted risk profile.
- Ensure that information and cyber security risks presented through suppliers and delivery partners are identified and effectively managed.
- Drive and deliver change to information and security systems, processes, and procedures.
- Represent the business by engaging in appropriate external networks to ensure Aave can meet and respond to new information and security challenges and threats.
- Direct and/or assist with investigations into information security breaches.
Knowledge and skills:
- Excellent understanding of the following:
  - Best practice within information security and risk management including standards such as ISO/IEC 27001, NIST-CSF, CIS-20CSC, and COBIT.
  - Legislation, regulation, and accepted best practice that impact information security, e.g., Data Protection Act (2018), Freedom of Information Act, and PCI DSS 4.0.
  - Current and emerging threats and countermeasures impacting the ecosystem.
  - Security technologies and wider business solutions including identity and access management, Security Incident and Event Management (SIEM) and Security Operation Centre (SOC), remote working, and cloud-first technologies.
- Collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate colleagues.
- Ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements.
- Ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement across the wider organisation.
- Experience of conducting penetration tests and/or managing a third-party audit firm.
Qualifications:
- One or more of the following qualifications are essential:
  - Certified Information Security Manager (CISM)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
- One or more of the following qualifications are desirable:
  - MSc Information Security
  - Achieved Senior or Lead level certification in the NCSC’s Certified Cyber Professional scheme in one or more of Security and Information Risk Advisor (SIRA), IA Architect, IA Auditor, IT Security Officer
  - Full membership of the Institute of Information Security Professionals.
  - AWS Certified Security – Specialty or Google Professional Cloud Security Engineer.
Benefits:
- A vibrant collaborative and fully serviced workspace in Notting Hill
- Innovation-driven working environment
- Daily lunch and snacks in the office
- Team socials
- Contributory pension scheme
- Private health care
- Private dental care
- 25 days holiday
- Equinox gym membership
- Front seat position working with decentralised financial technologies