
trulyyy

Information Security Officer

5-7 Years

Job Description

Information Security Officer

About the Company

I am helping an AI-native technology group, operating across both digital assets and traditional financial services, with hiring. Their businesses span multiple regulated and emerging sectors, supported by enterprise-grade custody solutions, secure payment infrastructure, and AI-driven products.

As their business continues to expand, they are seeking an experienced Information Security Officer to establish and lead the company's security function, covering information security, operational security, digital asset custody security, and third-party risk management across multiple business lines and jurisdictions.

This role reports directly to senior management, ensuring independence and effectiveness of the security function.

Key Responsibilities

Security Governance & Security Baseline

  • Develop, implement, and maintain company-wide security policies, standards, and controls.
  • Establish security baselines covering production environments, corporate networks, access controls, key management, data classification, and information handling.
  • Continuously review and enhance security frameworks in response to evolving threats and business requirements.

Vulnerability Management & Security Testing

  • Lead vulnerability identification, assessment, prioritization, and remediation efforts.
  • Coordinate and review penetration testing exercises conducted internally or by external providers.
  • Track remediation progress and provide management reporting on critical security risks.

Digital Asset Custody & Wallet Security

  • Design and maintain security controls for digital asset custody environments, including hot wallets, cold wallets, MPC, multisignature solutions, and key lifecycle management.
  • Partner with enterprise custody providers and wallet infrastructure vendors to ensure secure configurations and operational controls.
  • Ensure all asset movements are subject to appropriate authorization, monitoring, and audit trails.

Operational Security (OpSec)

  • Implement security controls across operational workflows involving customer funds, business communications, and sensitive data handling.
  • Review transaction systems, operational processes, and external integrations to minimize security and fraud risks.
  • Enforce segregation of duties and appropriate approval workflows.

Security Procedures & SOP Management

  • Develop and maintain security-related SOPs covering account management, wallet operations, onboarding/offboarding, incident response, vendor access, and emergency procedures.
  • Drive adoption of security procedures across business functions and continuously improve operational effectiveness.

Executive & High-Value Target Security

  • Establish security programs for executives, privileged users, and key custodians.
  • Implement controls against account compromise, SIM-swapping, phishing, social engineering, and information exposure risks.

Third-Party Risk Management

  • Conduct security due diligence and risk assessments for vendors, service providers, and business partners.
  • Review contractual security obligations, service-level commitments, and data protection requirements.
  • Coordinate security reviews, audits, and penetration testing activities involving external parties.

Security Incident Response

  • Lead technical investigations, digital forensics, root cause analysis, and post-incident reporting.
  • Produce independent technical assessments while collaborating with risk, compliance, and management stakeholders.

Infrastructure Security & Compliance Support

  • Conduct regular reviews of network architecture, IAM controls, API security, cloud infrastructure, and production environments.
  • Support regulatory, compliance, and audit requirements across multiple business lines.
  • Assist in the planning and implementation of security certifications and security assurance programs.

Security Awareness & Culture

  • Design and deliver security awareness initiatives, phishing simulations, and employee education programs.
  • Promote a strong security culture across all teams and business functions.

AI Security Governance

  • Develop security standards and governance frameworks for AI-powered products and services.
  • Assess and mitigate risks associated with AI systems, model deployment, infrastructure security, and emerging attack vectors.
  • Ensure secure and resilient AI operational environments.

Requirements

Required Experience

  • At least 5 years of experience in information security, cybersecurity, infrastructure security, or related fields.
  • Experience within fintech, digital assets, payments, financial services, trading platforms, or similarly regulated environments.
  • Strong hands-on knowledge of identity and access management, SSO, MFA, endpoint management, asset management, cloud security, and security monitoring.
  • Experience with digital asset custody security, key management, MPC, multisignature solutions, wallet operations, or equivalent secure transaction environments.
  • Familiarity with penetration testing methodologies and security assessment processes.
  • Understanding of AI technologies and security considerations relating to AI systems and platforms.
  • Proven ability to design and implement security programs, controls, and SOPs from the ground up.

Preferred Qualifications

  • Experience across both digital asset/Web3 environments and traditional financial services.
  • Familiarity with regulatory and compliance requirements relevant to financial services and digital assets.
  • Professional certifications such as CISSP, CISM, CISA, CCSP, or equivalent.
  • Experience responding to security incidents involving account compromise, unauthorized access, fraud, or asset loss.
  • Experience building or scaling security teams and security governance frameworks.

Key Competencies

  • Strong stakeholder management and cross-functional collaboration skills.
  • Ability to balance business objectives with security requirements.
  • Excellent risk assessment and prioritization capabilities.
  • Strong written and verbal communication skills, with the ability to explain technical risks to non-technical stakeholders.
  • Ability to thrive in a fast-paced, multi-project, and rapidly evolving environment.
  • Strong analytical thinking, sound judgment, and a pragmatic approach to security decision-making.

TRULYYY PTE. LTD.

Senior Consultant

Yang Suyu

EA License No: 20S0118

EA Registration Number: R2199541


Job ID: 149225365
