Search...

Director of Cybersecurity & Incident Response

Coins logo
Coins

Stealth

Distributed
View jobs by Coins

Skills

About the Role

You will serve as the statutory Director of Cybersecurity and Incident Response for a regulated Virtual Asset Service Provider in Brazil, a role formally required under Article 14, III, "e" of BCB Resolution 520/2025. You will be registered with the Central Bank of Brazil and will carry personal regulatory responsibility for the cybersecurity posture of a fully regulated crypto-asset exchange and custodian. You will design, implement and maintain cybersecurity policies, oversee the protection of private keys and custody architecture, lead the security operations function, ensure timely incident reporting to regulators, manage third-party and cloud risk, integrate cybersecurity into the broader risk framework, build and lead the cybersecurity team, and represent the company before regulators, auditors and the Board.

Requirements

  • Brazilian residency (mandatory for statutory directors of BCB-regulated entities)
  • Unblemished reputation, no criminal convictions in the offences listed in Article 11 of BCB Resolution 519/2025, no current disqualification or suspension in any regulated financial institution, no bankruptcy, no BCB rejection in the past three years
  • Demonstrated technical capacity and knowledge of the cybersecurity domain compatible with BCB Normative Instruction 712/2025 and CMN Resolution 4,970/2021 fit & proper standards
  • Willingness to undergo BCB authorisation procedures and ongoing supervisory scrutiny
  • Bachelor's degree in Computer Science, Information Security, Engineering or equivalent; postgraduate degree preferred
  • 10+ years of cybersecurity experience, with at least 5 years in leadership roles within financial institutions, fintechs, crypto exchanges or critical-infrastructure environments
  • Hands-on expertise in cryptographic key management, blockchain and smart-contract security, cloud security (AWS/GCP), SOC operations, DLP, IAM/PAM, threat modelling, incident response and digital forensics
  • Working knowledge of BCB Resolution 85/2021, BCB Resolution 520/2025, LGPD (Law 13,709/2018), ISO 27001, NIST CSF 2.0 and PCI DSS
  • Industry certifications such as CISSP, CISM, CCSP, CCSK, CISA or equivalent
  • Fluent Portuguese and advanced English

Responsibilities

  • Design, implement and maintain the Cybersecurity Policy, the Incident Response Plan, and the Cloud Services Contracting Policy
  • Oversee the protection of private keys and the custody architecture (cold/hot/warm wallets, MPC, multisig, HSM)
  • Lead the security operations function (SOC/SIEM, threat intelligence, vulnerability management, pentests, red-team)
  • Ensure timely reporting of relevant incidents to the BCB, ANPD (LGPD) and other authorities, and coordinate post-incident remediation
  • Manage third-party and cloud risk (vendor due diligence, contractual safeguards, BCB notification regime for relevant IT contracts)
  • Integrate cybersecurity into the broader risk framework alongside the Risk, Compliance, AML and IT functions
  • Build and lead the cybersecurity team; embed a security-by-design culture
  • Represent the company before regulators, auditors and the Board on cybersecurity matters