Apply on Employer Site

Storm2 · 6 days ago

Chief Information Security Officer

New York, NY

Full-time

Hybrid

Director/Executive

$250K/yr - $250K/yr

Storm2 is a fast-growing organization building infrastructure, software, and services that support the next generation of blockchain and digital asset ecosystems. They are seeking a Chief Information Security Officer (CISO) to own the strategic direction, operations, and continuous improvement of all information and cybersecurity initiatives across the organization.

Financial ServicesFinTechMarketplaceRecruiting

Responsibilities

Design and drive a holistic security strategy covering infrastructure security, application security, product security, data governance, and operational risk

Safeguard digital asset environments , including wallets, key management systems, consensus mechanisms, and blockchain-based services

Build and lead an advanced threat detection, monitoring, and incident response program , ensuring rapid response and clear communication pathways

Collaborate with engineering teams to integrate secure development practices into blockchain, smart contract, and cloud-native workflows

Establish and maintain security controls, audits, and certifications , ensuring alignment with industry frameworks and regulatory expectations

Oversee vendor security, supply-chain risk management, and third-party assessments

Develop a culture of security throughout the business, including training, policy development, and ongoing risk awareness

Provide regular reports and briefings to the executive team on emerging threats, risk posture, and security roadmap progress

Qualification

Security engineeringCloud securityRisk managementAutomated security frameworksAI-enabled security toolingFinancial services experienceAgile environmentScaling security programsCommunication skills

Required

Strong technical foundation in security engineering, cloud security, and modern security architectures — not purely policy or compliance-led

Deep understanding of risk management, security controls, and governance, with a demonstrated ability to automate and modernise manual security processes

Proven experience implementing or operating automated security, GRC, or control frameworks, including policy-as-code, continuous controls monitoring, and security orchestration

Hands-on exposure to AI-enabled security tooling or a strong appetite to adopt AI, agentic workflows, and plug-and-play security platforms to improve speed, scale, and effectiveness

Background in financial services, fintech, payments, trading platforms, or crypto exchanges (custody experience not required)

Comfortable working in an agile, fast-moving environment, partnering closely with engineering and leadership teams to balance speed, risk, and control

Ability to translate complex security and risk concepts into clear, practical guidance for executives and the board

Experience scaling security programs in environments with limited legacy infrastructure and a bias toward automation-first approaches