At Unchained Capital, our mission is to help bitcoin holders achieve unprecedented financial freedom and control. Unchained products include originating loans backed by bitcoin, providing multi-signature vaults utilizing collaborative custody, and buying bitcoin directly to vaults with keys that you control. We are looking for a Head of Security to own, uphold, and improve practices & policies across our company.
Unchained Capital believes bitcoin custody must include owning private keys. Furthermore, we believe collaborative custody between businesses and individuals is superior to self-custody. We hold ourselves to high standards and, because we collaborate with them, we educate and empower our customers to uphold these same standards. Network security, physical security, and operational security are all important to our practice.
Candidates should have experience guaranteeing the long-term protection of financial assets, digital information, and/or physical valuables. This position requires assessing a security position, developing a plan to improve it, and collaborating with stakeholders to execute it. Prior experience governing high-security environments such as banks, infrastructure companies, or government agencies is expected. Experience directly securing bitcoin private keys, while helpful, is not required.
In addition to experience, the right candidate should be a hands-on security professional who can directly assess risks, author policies & standard operating procedures, create training material for employees, customers, & partners, run tests and perform drills to determine compliance and probe for weak points. Because of the nature of our business, we have a strong culture of security across our company, so you’ll be starting from a strong foundation. But our client base and assets under management are growing quickly so we need to keep pace with our security practices. We intend to obtain certifications but we don’t confuse credentials with actual security.
You can expect in your first year:
- First Month: Get onboarded and learn about our current policies & practices. Perform an assessment to determine our current readiness and posture. Collaborate with us on a roadmap for improvement, targeting certifications and prioritizing our weakest areas.
- Next 3 Months: Work with engineering, product, HR, and operations teams to consolidate existing security policies and refine them to meet and exceed industry standards.
- Next 8 Months: Make progress on the roadmap we’ve defined. Become the overall owner of our security program across our company.
What you’ll do
- Assess our security posture. Learn what our teams do, how data flows through our systems, and how customers use our product. Take on an adversarial mindset and model how an external or internal bad actor could attack our systems, assets, clients, or employees.
- Write security policies. We understand that a good security posture stems from a clearly documented policy. You will be responsible for making sure that our security policies are clear, coherent, centralized, unambiguous and complete.
- Ensure policy execution. You will also help to ensure that other departments understand and adhere to the security policies.
- Be a product stakeholder. Your roles & responsibilities as head of security make you an excellent source of product feedback. Our team and customers value good security but, because of its often indirect business impact, it often requires advocacy from a security stakeholder for security improvements to get added to our product roadmap.
What we want to see
- Minimum of 10 years experience ensuring security of a high-risk environment
- Passion for making bitcoin easier to secure and making cryptography more accessible
- Great communication skills that show us you can communicate security needs to engineers, product managers, and business stakeholders
- CISSP, CCISO, CISM or equivalent.
To Apply, please send your resume and cover letter to email@example.com