Head of IT (Cyber) Security Operations and Engineering

Ledger

CDI / Permanent contract
Paris, Île-de-France
Nov 3, 2021

About

Founded in 2014, Ledger is the global leader in security and infrastructure solutions for cryptocurrencies and blockchain applications, with more than 1.6 million users in 165 countries. Ledger combines hardware and software expertise to secure billions of dollars across more than 30 cryptocurrencies.

Ledger designs the most reliable and easiest-to-use solutions: our R&D team has created an operating system whose openness and flexibility allow users to take back control of their digital lives. We integrate this OS on smart cards (Secure Element) and HSMs (Hardware Security Modules).

By securing the entire blockchain, Ledger aims to be a major player in the fourth industrial revolution.

Their teams are located in Paris, Vierzon, Hong Kong and New York.

At Ledger, they make a PACTE with their employees. This means they embody the values that make them unique: Pragmatism, Audacity, Trust (Confiance), Transparency and Commitment (Engagement).

Job Description

Reporting directly to the Chief Information Security Officer (CISO), the Head of IT (Cyber) Security Operations and Engineering will be an innovative, experienced, self-driven manager/leader in the cyber security space who can educate, provide guidance, and help drive information security initiatives and standards throughout the company.

This individual will be an enabler and a strong partner for various departments (Platform, Networks, DonJon, Legal, etc.) and teams. The candidate must also possess a strong hands-on technical and security practitioner background and the ability to work effectively with technical staff and to understand governance, risk mitigation, and technical controls.

As head of the IT (Cyber) Security Operations and Engineering team, this individual will establish and drive effective processes, technical security standards, and appropriate partnership among teams. This role will be in charge of the day-to-day management and execution of detailed security operations and technical control sets. A strong technical background will be required to ensure the success of the role, given the technical nature of the interactions with other supporting teams (network, platform, developer communities, etc.).

Responsibilities

  • Develop, establish, and manage the execution of the strategy for the Information Security Operations and Engineering function
  • Recruit and manage the IT (Cyber) Security Operations team and the IT (Cyber) Engineering team
  • Direct, oversee and manage Information Security Operations and Engineering activities, including creation of security artifacts that reflect and sustain business, operational, technical, and compliance objectives
  • Development and maintenance of Cyber Security roadmap, technology / tooling selection, implementation, maintenance, configuration, operation - end to end lifecycle
  • Work with Engineering and Operations teams to secure production environments, and implement systems to monitor and maintain the security of our products in development and production
  • Establish a regular program to review subsidiary environments to ensure security standards are in force and are effective
  • The timely review of threat and vulnerability reports and the creation of processes and action plans to address risks identified by them
  • Log management review activities
  • Perform regular vulnerability scans of systems across the organization and collaborate with departments to ensure systems are remediated and/or security controls are set in place
  • Contribute to the annual review and update of the Disaster Recovery and Business Continuity Plan
  • Ensure compliance of the Information Security and Risk Management program with all Regulatory, Contractual, Association, and Client requirements
  • Conduct presentations to and collaborate with company stakeholders to raise awareness of security risk and drive outcomes to improve security posture
  • Work with Executive Management to determine acceptable levels of risk for the company
  • Work with outside partners or consultants as required to meet independent security audit needs; manage outside security partners, stakeholders, vendors, and solutions providers working on security implementations
  • Support compliance efforts, client audit responses (for IT and Security items) and other compliance requirements
  • Assist the Information Security team with developing and building a forward-thinking, preventative Information Security Program across all disciplines
  • Maintain awareness of Information Security industry trends, evaluate solutions and techniques, and remain aware of new and emerging threats
  • Other duties as assigned

Qualifications / Requirements

  • Bachelor's degree in related field or equivalent combination of experience and education
  • CISSP, CISM, or other equivalent security certification is a plus
  • 10+ years of technology experience with a minimum of seven years specifically focused in the area of Cyber Security
  • Demonstrated leadership abilities with team-oriented interpersonal skills; ability to effectively interface with a broad range of people and roles
  • Recent experience with engineering, implementing & managing Information Security controls in SaaS environments preferred
  • Progressive experience in Information Security management, including managing Information Security team staffing, contracting, budgeting, vendors, and security programs and projects
  • Hands-on technical experience with Physical Security Systems, Telecommunications and Networks, Security Solutions (Firewalls, IDS/IPS, SIEM, Vulnerability Assessment Tools), Employee Security Training, Access Control Systems, Cryptography, and Secure SDLC Methodologies
  • Working knowledge of modern software development practices, such as SDLC, Agile, SAFe, etc.
  • Working knowledge of common information security management frameworks, such as PCI, ISO/IEC 27001, and NIST CSF
  • Working knowledge of state and federal information security, compliance, and privacy procedures such as GDPR and CCPA securities policies
  • Understanding of rules and laws governing public companies, including GLBA and SOX
  • Ability to interpret state and federal laws, company guidelines, and regulatory rules to determine how they apply to the company
  • Experience performing multifaceted projects in conjunction with routine operational and support activities

Benefits

  • Competitive compensation package and ESOP according to the Company policy
  • Flexible working hours, remote-friendly environment
  • Strong focus on personal development including internal/external trainings and attendance to conferences
  • Internal talks, technical meetups and Hackathons
  • High performance office equipment
  • Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Meal Vouchers with Swile (ex Lunchr)
  • Annual company outing for Ledgerdary Days plus infrequent parties, snacks and drinks
  • Employee discount on Ledger products

Ledger guarantees equal opportunity for all during the recruitment process, without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.

Additional Information

  • Contract Type: Full-Time
  • Location: Paris, France (75002)