Head of Custody Security

Responsibilities:
• Conduct, design, and implement testing of security controls covering identity management, key management, and infrastructure (network and cloud) configurations.
• Support client assurance activities, including responding to Requests for Proposals (RFPs), Requests for Information (RFIs), and Due Diligence Questionnaires (DDQs).
• Identify and analyze trends in client inquiries and provide feedback to internal teams to improve documentation and control readiness.
• Perform security due diligence and ongoing monitoring for Web3/blockchain vendors, including assessing their control maturity, reviewing SOC reports and security documentation, and identifying residual risks.
• Facilitate external audit activities, including coordination of walkthroughs, evidence collection, and response tracking.
• Identify and analyze gaps in current and new processes, then develop and track remediation recommendations to completion (e.g., onboarding flow).
• Develop and maintain understanding of applicable financial regulatory security requirements and ensure alignment of controls.
• Research and share information security best practices, emerging threats, and mitigation strategies with internal teams.
• Evaluate and propose next-generation security tools, automation, and technologies to enhance overall security posture.
• Review blockchain network or protocol upgrades for their potential security impact on the platform.

Requirements:
• At least 8 years of relevant experience in security assurance, audit, compliance, or cloud security engineering.
• Demonstrated experience testing and validating security controls across IAM, key management, and network/cloud environments.
• Strong understanding of Identity and Access Management (IAM) principles.
• Knowledge of cryptographic key management, HSMs, and KMS systems.
• Solid grasp of cloud and network security architecture and configuration.
• Proven experience supporting SOC 1, SOC 2, ISO 27001, PCI DSS, or similar external audits and assessments.
• Exposure to major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code.
• Experience in preparing client assurance materials, RFP/RFI/DDQ responses, and evidence documentation.
• Familiarity with blockchain platforms or digital asset custody systems is advantageous.
• Can work independently and under pressure.
• Excellent verbal and written communication skills
• Pragmatic and solution-oriented approach, ability to balance security requirements with operational feasibility and business needs.