Head of Cyber Security Operations and Engineering

Apply for this job

Founded in 2014, Ledger is the global platform for digital assets and Web3. Over 20% of the world’s crypto assets are secured through our Ledger Nanos. Headquartered in Paris and Vierzon, with offices in the UK, US, Switzerland and Singapore, Ledger has a team of more than 600 professionals developing a variety of products and services to enable individuals and companies to securely buy, store, swap, grow and manage crypto assets – including the Ledger hardware wallets line with more than 5 millions units already sold in 180 countries. 

At Ledger, we embody the values that make us unique: Pragmatism, Audacity, Commitment, Trust and Transparency. Have a look at our Origins video here.

Reporting directly to the Chief Information Security Officer (CISO), the Head of Cyber Security Operations and Engineering will be an innovative, experienced, self-driven manager/leader in the cyber security space that will be able to educate, provide guidance, and help drive information security initiatives and standards throughout the company.

This individual will be an enabler and a strong partner for various departments (Platform, Networks, Legal, developer communities, etc.) and teams. The candidate must also possess a strong hands-on technical- and security- practitioner background and the ability to effectively work with technical staff, understand governance, risk mitigation, and technical controls.

As the Head of IT Cyber Security Operations and Engineering team, this individual will establish and drive effective processes, technical security standards, and appropriate partnership among teams. This role will be in charge of the day to day management and execution of detailed security operations and technical control sets - a strong technical background will be required to ensure success of the role and technical nature of the interactions with other supporting teams.

Responsibilities:

• Develop, establish, and manage the execution of the strategy for the Information Security Operations and Engineering function
• Recruit and manage the IT Cyber Security Operations team and the IT Cyber Engineering team
• Direct, oversee and manage Information Security Operations and Engineering activities, including creation of security artifacts that reflect and sustain business, operational, technical, and compliance objectives
• Development and maintenance of Cyber Security roadmap, technology / tooling selection, implementation, maintenance, configuration, operation - end to end lifecycle
• Work with Engineering and Operations teams to secure production environments, and implement systems to monitor and maintain the security of our products in development and production
• Establish a regular program to review subsidiary environments to ensure security standards are in force and are effective
• The timely review of threat and vulnerability reports and the creation of processes and action plans to address risks identified by them
• Log management review activities
• Regular vulnerability scans of systems across the organization and collaborate with departments to ensure systems are remediated and/or security controls set in place
• Contribute to the annual review and update of the Disaster Recovery and Business Continuity Plan
• Ensure compliance of the Information Security and Risk Management program with all Regulatory, Contractual, Association, and Client requirements
• Conduct presentations to and collaborate with company stakeholders to raise awareness of security risk and drive outcomes to improve security posture
• Work with Executive Management to determine acceptable levels of risk for the company
• Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solutions providers working on security implementations
• Support compliance efforts, client audit responses (for IT and Security items) and other compliance requirements
• Assist the Information Security team with developing and building a forward-thinking, preventative Information Security Program across all disciplines
• Maintain awareness of Information Security industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats
• Other duties as assigned

Requirements:

• Bachelor's degree in related field or equivalent combination of experience and education
• CISSP, CISM, or other equivalent security certification is a plus
• 10+ years of technology experience with a minimum of seven years specifically focused in the area of Cyber Security
• Demonstrated leadership abilities with team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles
• Recent experience with engineering, implementing & managing Information Security controls in SasS environments preferred
• Progressive experience in Information Security management including, managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects
• Hands-on technical experience with Physical Security Systems, Telecommunications and Networks, Security Solutions (Firewalls, IDS/IPS, SIEM, Vulnerability Assessment Tools), Employee Security Training, Access Control Systems, Cryptography, and Secure SDLC Methodologies
• Working knowledge of modern software development practices, such as SDLC, Agile, SAFe, etc.
• Working knowledge of common information security management frameworks, such as, PCI, ISO/IEC 27001, and NIST CSF
• Working knowledge of state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies 
• Understanding of rules and laws governing public companies, including GLBA and SOX
• Ability to interpret state and federal laws, company guidelines, and regulatory rules to determine how they apply to the company
• Experience performing multifaceted projects in conjunction with routine operational and support activities

What’s in it for you?

• Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
• Flexibility: A hybrid work policy
• Social: Annual company outing for "Ledgerdary Days", plus frequent social events, snacks and drinks
• Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
• Well-being: Personal development, coaching & fitness with our dedicated partners
• Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
• High tech: Access to high performance office equipment and gadgets, including Apple products
• Transport: Ledger reimburses 75% of your preferred means of transportation
• Discounts: Employee discount on all our products