This is a critical role. It establishes and maintains an up-to-date, broad and comprehensive understanding of the new security landscape, with the right strategy, tools, people and culture in place. It ensures adherence to industry regulatory demands, protects group-wide critical data assets, and ensures that all systems meet security requirements and are resilient against vulnerabilities and failures, in order to mitigate reputational and cybersecurity risks and to demonstrate that it is safe and secure to do business with BitMEX.
This individual would manage the security awareness and third party risk management program, ensuring the following:
- Establish a framework to consistently track Technology Risk at BitMEX.
- Oversee, evaluate, and support the assessment, documentation and validation of the processes necessary to ensure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements.
- Develop and maintain cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives.
- Define and participate in long-term strategy and planning for GRC programs.
- Manage and support the third party security vendor risk management program and lifecycle.
- Document and perform risk assessments for third-parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
- Assist in the creation and maintenance of security policies, standards, processes and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.
- Lead the Security Awareness Program. This includes roadmap development, plan, delivery measurement, and evaluation of cyber training/education courses, methods, and techniques based on instructional needs.
- Execute phishing campaigns.
- Define metrics to track security awareness program progress and maturity.
- Ensure all vendors (software, plug-ins, professional services, etc.) are successfully vetted by the Security review process.

The ideal candidate brings the following:
- Strong technical background working on complex engineering, security and operations projects and initiatives.
- 9+ years of security experience in relevant security domains (e.g. Security Management, Tech Risk).
- Prior experience of working in Security at a tech or fintech.
- Expertise working on major compliance programs in a cloud-first environment, supporting at a minimum the SOC 2, GDPR, and ISO 27001/2 series frameworks.
- Strong communication skills, in particular around objectively measuring risk.
- A natural teacher, good at putting points across engagingly and enthusiastically and inspiring people to take an interest in information security.
- Ability to communicate and market technical messages in a simple, clear, and engaging manner. Experience creating innovative content and working with different types of communications methods, to include newsletters, videos, printed materials, and hosted events.
- Excellent organizational, project management and relationship management skills, all of which are key to success in this role.
- Understanding of learning theory or instructional design and concepts of organizational behavior, culture, and how culture impacts how people behave, learn, and interact with others.
- High sense of ownership, urgency, and drive.