Job description
Chief Information Security Officer (CISO)

Location: Remote
Schedule: Full-time

We are seeking a highly experienced security and risk executive to join Criptan as the ultimate owner of information security, compliance, and enterprise risk management. Reporting directly to the Board, this role is critical to safeguarding our organization, ensuring regulatory alignment, and embedding a culture of security across all business units.

The successful candidate will lead the design and oversight of security frameworks, act as the primary liaison with regulators and auditors, and provide strategic direction to protect Criptan's operations, infrastructure, and stakeholders.

Responsibilities

- Act as the executive owner of information security and risk management, reporting directly to the Board
- Develop and maintain a comprehensive security and compliance strategy aligned with Criptan's business goals and European regulatory requirements (MiCA, DORA, GDPR, ISO-*****, SOC-2)
- Oversee the design and governance of security policies, frameworks, and internal controls across all business units
- Lead the enterprise risk management function, including cyber risk, operational risk, third-party/vendor risk, and business continuity
- Serve as the primary point of contact with regulators, auditors, and external stakeholders on information security and compliance matters
- Provide regular risk and security updates to the Board, including dashboards, KPIs, and strategic recommendations
- Supervise security audits, penetration tests, and certifications, ensuring continuous improvement of Criptan's security posture
- Champion a security culture across the organization, providing leadership, training, and communication at all levels
- Ensure that engineering and operations teams integrate security by design into the technical stack:
  - Backend: Node.js
  - Frontend / Mobile / Web: Flutter
  - Databases: MySQL, DynamoDB, Redis
  - Infrastructure: AWS (multi-AZ, containerized workloads, IAM, WAF, monitoring, etc.)

Requirements

- 5+ years of progressive experience in information security, risk, or compliance
- Proven success in regulated financial services, fintech, or crypto environments, including engagement with regulators
- Deep knowledge of European regulatory frameworks (MiCA, DORA, GDPR) and international standards (ISO-*****, SOC-2, NIST)
- Recognized professional certifications highly desirable: CISSP, CISM, CISA, ISO-*****, Lead Implementer/Auditor
- Familiarity with modern cloud-native technology stacks (AWS, Node.js, Flutter, MySQL) is a plus, but focus is on governance, not hands-on coding