Posted Apr 13, 2026

Business Information Security Officer (Digital Assets) - Hybrid

Job Description:

As a Business Information Security Officer (Digital Assets), you will serve as the primary cybersecurity risk liaison and advisor for business units engaged in cryptocurrency and digital-asset-related initiatives. This role ensures that digital asset products, services, and vendor engagements adhere to enterprise cybersecurity policies while enabling secure innovation. You will oversee vendor security assessments, evaluate digital asset risk, guide teams on policy alignment, support audits and regulatory expectations, and communicate cybersecurity posture to leadership.

Key Responsibilities:

• Serve as the embedded cybersecurity partner for digital asset business teams and align security requirements with product objectives.
• Translate enterprise cybersecurity policies into actionable expectations for digital-asset-related initiatives.
• Participate in planning discussions, architecture reviews, and roadmap sessions to ensure secure design and regulatory alignment.
• Support risk exception, risk acceptance, and mitigation processes.
• Lead end-to-end cybersecurity risk assessments for digital asset products, custody models, wallet operations, blockchain integrations, and supporting vendors.
• Evaluate risks associated with private key management, wallet operations, smart contract vulnerabilities, node infrastructure, and transaction flows.
• Document risks, recommend compensating controls, and track remediation to closure.
• Manage the security risk lifecycle for digital asset vendors throughout due diligence, contracting, and ongoing monitoring.
• Review vendor cybersecurity evidence including SOC reports, penetration tests, questionnaires, and cloud posture artifacts.
• Ensure contractual controls for data protection, breach notification, crypto asset handling, and regulatory compliance.
• Educate business, engineering, and operations teams on cybersecurity policies and secure practices.
• Develop digital-asset-specific security training content and promote a culture of security awareness.
• Prepare and coordinate internal and external audit activities and ensure controls operate effectively.
• Support compliance alignment with regulatory expectations, including SEC, FINRA, OCC, and FFIEC.
• Collaborate with incident response teams to support crypto-specific incident preparedness.
• Contribute to incident response playbooks for scenarios such as key compromise, vendor breaches, on-chain exploits, and blockchain outages.
• Produce business-focused reporting on residual risk, vendor posture, assessment outcomes, and audit findings.
• Present cybersecurity risks and recommendations to leadership.

Required Skills, Experiences, Education, and Competencies:

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
• Minimum 7 years of experience in cybersecurity or technology risk.
• Experience with digital assets, blockchain ecosystems, and crypto custody/security practices.
• Familiarity with cybersecurity frameworks such as NIST CSF, NIST 800-53, SOC 2, and FFIEC.
• Strong communication skills with the ability to articulate cybersecurity risks to technical and non-technical audiences.
• Strong understanding of third-party risk management and digital asset vendor oversight.
• Ability to evaluate emerging crypto risks and recommend effective controls.

Preferred Qualifications:

• Cybersecurity certifications such as CISSP, CISM, CRISC, CCSP, CISA, or related credentials.
• Crypto-focused training or blockchain security certifications.
• Knowledge of key management systems, smart contract risks, and cloud security controls.
• Experience using GRC platforms for risk tracking and reporting.

The hourly range for roles of this nature is $60.00 to $80.00/hr. Rates are heavily dependent on skills, experience, location, and industry.

cyberThink is an Equal Opportunity Employer.