Chief Information Security Officer

Chief Information Security Officer (CISO) P2P.org is seeking an experienced Chief Information Security Officer (CISO) to define and execute our global security strategy. This role is pivotal in protecting our infrastructure, products, and clients against evolving threats while ensuring compliance with industry-leading security frameworks. As a senior leader, you will oversee a team of cybersecurity engineers, work closely with engineering and product, and ensure security is embedded across all aspects of product development and operations. Responsibilities Strategy & Leadership Define and drive the company-wide cybersecurity strategy aligned with business, regulatory, and client needs. Build, lead, and mentor a high-performing team of cybersecurity and ICS engineers. Serve as executive-level liaison to regulators, auditors, clients, and (future) board committees. Partner with Risk, Legal, and Compliance teams to ensure readiness for public company standards (e.g., SOX, SEC disclosure requirements, risk management frameworks). Security Architecture & Engineering Lead hands-on technical work: penetration testing, exploit research, vulnerability assessments, and secure architecture reviews. Design and enforce security patterns for blockchain infrastructure, validator nodes, smart contracts, and cryptographic systems. Oversee architecture reviews, threat modeling, and code reviews for critical systems (web, API, mobile, blockchain). Build and maintain security architecture diagrams, process flows, and technical risk assessments. Operations & Compliance Establish and oversee security operations, monitoring, and incident response capabilities. Drive compliance with SOC 2, ISO 27001, GDPR, PCI DSS, and other regulatory/security frameworks. Prepare the company for future licensing and regulatory regimes (e.g., MiCA, U.S. state/federal regimes, MAS, FCA). Collaboration & Enablement Partner with product and engineering teams to embed security into the SDLC. Work with vendors and partners to validate and ensure secure integration. Promote a strong security culture through training, awareness, and leadership. Requirements Experience 8+ years of proven experience in cybersecurity, software engineering, or computer science with a focus on security. 5+ years developing security programs or defining secure architectures. 3+ years directly managing cybersecurity engineers. Demonstrated experience preparing organizations for public company requirements (SOX ITGC, enterprise risk, audit readiness). Prior exposure to regulatory environments (FCA, SEC, ESMA, MAS, etc.) and licensing processes for fintech/crypto firms. Skills & Knowledge Deep technical expertise in penetration testing, threat modeling, and secure systems architecture. Strong knowledge of cloud-native security (AWS, GCP, Oracle cloud PaaS/IaaS/serverless). Strong knowledge of Kubernetes security. Familiarity with blockchain, crypto custody, validator infrastructure, and smart contract attack vectors. Proficiency in multiple programming languages (Python, Go, C/C++, JavaScript). Strong knowledge of common attacks and vulnerabilities (OWASP Top 10, SANS CWE 25). Expertise in security operations, SIEM, SOC design, incident response, and forensic analysis. Familiarity with CI/CD pipelines, DevSecOps practices, and agile methodologies. Certifications (preferred) CISSP, CISM, OSCP, OSWE, OSCE, CEH, Security+, GSEC. Cloud security certifications (AWS/GCP). Audit/regulatory certifications (CISA, CRISC) a plus. At P2P.org we have a team with ownership culture and a focus on building innovative security solutions. We offer fully remote work and a range of benefits described below. Benefits Fully remote Full-time contractor (Indefinite-term Consultancy Agreement) Competitive salary level in USD (crypto