CISO

In 2018, Bitvavo launched the first version of its digital assets trading platform, to bridge the gap between traditional currencies and digital assets. By offering transparent fees, a wide range of assets and an easy to use platform, Bitvavo is making the currency of the future accessible for everyone.
In two years' time, Bitvavo has established itself as the market leader in the Netherlands and one of the largest in Europe, with over one million users exchanging tens of billions of digital assets a year.
Our team, located in Amsterdam, is looking for self-driven, talented people who can help make digital assets available for everyone.

We are seeking an experienced Chief Information Security Officer (CISO) to lead our cybersecurity efforts. The CISO will report directly to our Chief Risk Officer (CRO) board member, ensuring top-level integration of security into our strategic decisions. This role will work very closely with the Chief Technology Officer (CTO) as a major stakeholder, ensuring alignment between security initiatives and technology development. The ideal candidate will possess a strong technical background, proven leadership skills, strategic vision, and a commitment to continuous learning.

• Technical Leadership: Develop and implement security solutions, architectures, and policies to protect the company's systems, customer data, and digital assets. Stay updated with emerging threats and industry best practices.

• Team Management: Lead and motivate a high-performing security team. Foster a culture of security awareness and collaboration across the organization.

• Strategic Vision: Align the security program with the company’s business objectives. Provide strategic guidance on security threats and risk management to the executive team.

• Risk Management: Identify, assess, and mitigate risks associated with financial transactions, sensitive data, and regulatory compliance. Ensure the organization’s risk management practices are robust and proactive.

• Adherence to relevant regulations: Ensure compliance with upcoming regulations such as DORA (Digital Operational Resilience Act) and MiCAR (Markets in Crypto-Assets Regulation). Develop effective policies and controls that align with these requirements, and work with the first line to implement them.

• Pragmatic Approach: Demonstrated ability to strike the right balance between compliance requirements and engineering agility, driving pragmatic and effective solutions.

• Communication: Articulate complex security concepts to non-technical stakeholders, including senior management and board members, in a clear and concise manner.

• Incident Response: Develop and oversee incident response plans. Coordinate responses to security events and support post-incident analysis and remediation.

• Collaboration with Engineering and Product Teams: Work closely with engineering and product teams to embed security early in the development lifecycle ("shift left"). Ensure that our products and services are secure by design and meet the highest security standards.

• Continuous Improvement: Encourage innovation and continuous learning within the security team. Stay abreast of the latest security trends, technologies, and best practices through certifications, conferences, and industry networks.

• Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

• Experience: Minimum of 10 years in information security, with at least 5 years in a leadership role, preferably in the crypto or financial services sector.

• Technical Expertise: Hands-on experience in developing and implementing security solutions and policies. Strong knowledge of cybersecurity and risk management.

• Leadership: Proven ability to manage and motivate a team of security professionals. Excellent communication and interpersonal skills.

• Strategic Thinking: Ability to align security initiatives with business objectives. Experience in providing strategic guidance to senior leadership.

• Risk Management: Strong skills in identifying, assessing, and mitigating security risks.

• Compliance: Deep understanding of relevant regulations and standards within the financial sector (e.g., GDPR, ISO, SOC 2, NIST Cybersecurity Framework) and experience applying them to a technology-focused environment.

• Pragmatic Approach: Demonstrated ability to strike the right balance between compliance requirements and engineering agility, driving pragmatic and effective solutions.

• Continuous Learning: Commitment to ongoing professional development and staying updated with industry trends and best practices.

At Bitvavo, we believe that diverse perspectives drive innovation, foster creativity, and lead to better outcomes. We are committed to building a team that reflects the diversity of the communities we serve and creating an inclusive environment where everyone can thrive. We welcome applicants of all backgrounds, identities, and experiences. Regardless of race, ethnicity, gender, sexual orientation, age, religion, ability, or any other characteristic. Join us and be part of a team that values and celebrates your unique contributions.
Bitvavo does not accept resumes from staffing, search, or recruitment firms without a signed agreement. If you send us a resume without such an agreement, we may contact the candidate directly without any obligation whatsoever and no fee of any kind will be paid should we hire the candidate.

At Bitvavo, we believe in attracting, motivating and retaining talented people through market-competitive offerings that go beyond compensation alone. To learn more about our total rewards package and the benefits we offer, visit our Life at Bitvavo page.