BitPay, Inc., founded in 2011, is the world’s leading blockchain (cryptocurrency) payments company, serving industry-leading merchants on six continents by providing a seamless, secure cryptocurrency payments experience. BitPay builds powerful tools for accepting, storing, and spending cryptocurrency securely.
We are looking for a passionate, driven security leader to join our U.S. team. Reporting to the Chief Risk Officer, the Senior Director of Information Security and Technology will be responsible for leading numerous technology and security initiatives to successful outcomes and ensuring that we protect the integrity, confidentiality, and availability of information and systems that are owned, controlled or processed by the Company. Additionally, this leader will be responsible for managing the IT staff as well as establishing and maintaining best practices in information technology, asset management, and internal network management in support of our organization.
The below represents the primary responsibilities of the position. Other duties may be assigned as needed.
- Work closely with Chief Technology Officer, Chief Risk Officer, and other executive leaders to develop and enhance the overall information security program, with a specific focus on engineering and architecture, threat management, identity and access management, and vendor management
- Own tactical execution of strategic direction and vision of the information security program
- Analyze business needs and priorities for protection of critical systems and data
- Develop and maintain security metrics and goals
- Draft information security program policies and procedures to ensure compliance with best practices and regulatory requirements
- Manage expectations of our leadership, customers, and employees
- Direct and oversee information governance activities, including SOC 2 audits, cybersecurity risk assessments, program enhancements, etc.
- Lead information security-related committees
- Manage incident response program, including business continuity/disaster recovery program and security incident preparedness
- Represent the company in discussions with auditors and regulators
- Manage security vendor / supplier relationships
- Manage a small staff of information technology and security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members
- Manage expenses and budgets for information technology department, including security investments; build and present credible business cases for security initiatives and investments or other IT related initiatives
- Lead training and awareness efforts across the organization and build a culture of compliance around information security and data privacy
- Continuously monitor trends to anticipate and plan for information security risks
- Provide positive and collaborative leadership to all departments (e.g., sales, engineering, product management, legal, compliance, finance, customer success)
- 8+ years of hands-on, technical security experience, with 4+ years in a role leading teams/programs
- Experience working with global, cross-functional teams
- Experience leading security compliance projects (e.g., SOC 2 audits, cybersecurity risk assessments)
- Working knowledge of systems architecture and implementations (Enterprise, Cloud, Hybrid Cloud, DevOps)
- Knowledge of security standards / frameworks (e.g., ISO 27001, SSAE-18, NIST, etc.)
- Knowledge of applicable laws and regulations (e.g., SOX, GLBA, etc.)
- Excellent oral and written communication skills
- Ability to thrive in a fast-paced, collaborative environment
- Strong organizational and time management skills, including demonstrated ability managing teams and establishing goals and priorities
- Able to work remotely and collaborate with colleagues in different time zones
- BS or MS in Computer Science, Computer Security, Computer Engineering, or other technology-related field
- Located in the Southeastern region of the U.S.
- Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification
- Experience in the crypto industry or working at a fintech company with payments industry experience a plus
- Experience working at an audit and / or advisory services firm