Head of Information Security

What are we all about?

We are a team of builders and researchers on a mission to empower enterprises and developers worldwide to access and build on decentralized systems.

Our expertise covers several domains: Ethereum and Starknet protocol engineering, layer-2, cryptography research, protocol research, decentralized finance (DeFi), security auditing, formal verification, real-time monitoring, smart contract development, and dapps and enterprise engineering.

Working to solve some of the most challenging problems in the blockchain space, we frequently collaborate with renowned companies, such as Ethereum Foundation, Starknet Foundation, Gnosis Chain, Flashbots, Forta Protocol, Lido, EigenLayer, Open Zeppelin, RISCZero, Aleph Zero, and many more.

Today, we are a 350+ strong team working remotely across 66+ countries.

View all our open positions here: https://www.nethermind.io/open-roles

Are you the one?

The Head of Information Security will join the executive team and report directly to the Chief Risk Officer (CRO). The Head of Information Security will establish and maintain the enterprise vision, strategy, and programme to ensure the security of Nethermind’s blockchain infrastructure and Web3 operations. This role is essential for safeguarding Nethermind’s digital assets, supporting the company's strategic goals, and ensuring compliance with industry standardsResponsibilities:

Responsibilities include, but not limited to:

• Develop, implement, and manage the overall enterprise process for security strategy, planning, and governance, explicitly focusing on blockchain and Web3 technologies.
• Lead efforts to identify, evaluate, and mitigate security risks, balancing risk management with business goals.
• Oversee developing and implementing security policies, standards, guidelines, and procedures tailored to blockchain and decentralised systems.
• Ensure compliance with the latest regulatory requirements and best practices in blockchain security and Web3 technologies.
• Collaborate with internal teams such as DevOps, legal, and finance to integrate security requirements into daily operations.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company’s reputation.
• Provide leadership to the enterprise’s information security organisation, managing the performance of direct reports and fostering a strong security culture.
• Engage with stakeholders to communicate the company's security strategy and how it mitigates risks while supporting business objectives.
• Regularly report on the state of the security programme to the CRO and other senior executives.

Qualifications and Experience: 

• Bachelor’s or Master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field.
• At least ten years of experience in information security and risk management, with a significant focus on blockchain technology, Web3, or the fintech industry.
• Strong understanding of blockchain platforms, particularly Ethereum, and knowledge of smart contract security.
• Experience with security frameworks and standards such as ISO 27001, SOC2, NIST, and GDPR compliance.
• Proven leadership skills with the ability to manage and mentor a diverse and distributed team.
• Excellent analytical and problem-solving abilities and strong communication skills to articulate complex security concepts to non-technical stakeholders.

Professional certifications 

• Certified Information Systems Security Professional (CISSP),
• Certified Information Security Manager (CISM),
• Certified in Risk and Information Systems Control (CRISC).
• Certified Blockchain Security Professional (CBSP).
• Certified Web3 Professional (CW3P)