Head of Custody Security

Responsibilities

• Conduct, design, and execute testing of security controls encompassing identity management, key management, and infrastructure (network and cloud) configurations.
• Provide support for client assurance activities, such as responding to Requests for Proposals (RFPs), Requests for Information (RFIs), and Due Diligence Questionnaires (DDQs).
• Recognize and analyze trends in client inquiries, offering feedback to internal teams for enhancing documentation and control readiness.
• Conduct security due diligence and continuous monitoring for Web3/blockchain vendors, evaluating control maturity, reviewing SOC reports and security documentation, and pinpointing residual risks.
• Support external audit activities by coordinating walkthroughs, collecting evidence, and tracking responses.
• Identify and assess gaps in current and new processes, developing and monitoring remediation recommendations such as onboarding flow.
• Demonstrate understanding of relevant financial regulatory security requirements and ensure alignment of controls accordingly.
• Research and share information regarding information security best practices, emerging threats, and mitigation strategies internally.
• Evaluate and recommend next-generation security tools, automation, and technologies to bolster overall security posture.
• Assess potential security implications of blockchain network or protocol upgrades on the platform.

Requirements

• Minimum of 8 years of relevant experience in security assurance, audit, compliance, or cloud security engineering.
• Demonstrated experience in testing and verifying security controls within IAM, key management, and network/cloud environments.
• Proficient understanding of Identity and Access Management (IAM) principles.
• Knowledgeable about cryptographic key management, HSMs, and KMS systems.
• Strong grasp of cloud and network security architecture and configuration.
• Proven track record of supporting SOC 1, SOC 2, ISO 27001, PCI DSS, or similar external audits and assessments.
• Familiarity with major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code.
• Experience in creating client assurance materials, RFP/RFI/DDQ responses, and evidence documentation.
• Knowledge of blockchain platforms or digital asset custody systems is advantageous.
• Capability to work independently and perform under pressure.
• Excellent oral and written communication skills.
• Pragmatic and solution-oriented mindset, capable of balancing security requirements with operational feasibility and business needs.