Head of Information Security in City of London

Job description

We are seeking an experienced Head of Custody Security to lead our efforts in ensuring robust security for digital asset custody and blockchain infrastructure.

This role will focus on designing and implementing security controls, supporting client assurance, and ensuring compliance with regulatory standards. The ideal candidate is a strategic thinker with deep expertise in security assurance, audit, and cloud security, and a passion for advancing Web3 and blockchain technologies.

Key Responsibilities

• Design, conduct, and implement testing of security controls for identity management, key management, and infrastructure (network and cloud) configurations.
• Support client assurance by preparing responses to Requests for Proposals (RFPs), Requests for Information (RFIs), and Due Diligence Questionnaires (DDQs).
• Analyze trends in client inquiries and provide actionable feedback to internal teams to enhance documentation and control readiness.
• Perform security due diligence and ongoing monitoring of Web3/blockchain vendors, including assessing control maturity, reviewing SOC reports, and identifying residual risks.
• Facilitate external audit activities, coordinating walkthroughs, evidence collection, and response tracking.
• Identify and analyze gaps in current and new processes, developing and tracking remediation recommendations to completion (e.g., onboarding workflows).
• Maintain a deep understanding of applicable financial regulatory security requirements and ensure alignment of controls.
• Research and share information security best practices, emerging threats, and mitigation strategies with internal teams.
• Evaluate and propose next-generation security tools, automation, and technologies to strengthen the overall security posture.
• Review blockchain network or protocol upgrades to assess their potential security impact on the platform.

Requirements

• Minimum of 8 years of experience in security assurance, audit, compliance, or cloud security engineering.
• Proven expertise in testing and validating security controls across Identity and Access Management (IAM), key management, and network/cloud environments.
• Strong understanding of IAM principles and their application in secure systems.
• In-depth knowledge of cryptographic key management, Hardware Security Modules (HSMs), and Key Management Systems (KMS).
• Solid understanding of cloud and network security architecture and configurations.
• Demonstrated experience supporting external audits and assessments, such as SOC 1, SOC 2, ISO 27001, or PCI DSS.
• Hands-on experience with major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code practices.
• Proficiency in preparing client assurance materials, including RFP/RFI/DDQ responses and evidence documentation.

Extra information

Status

Open

Education Level

Secondary School

Location

City of London

Type of Contract

Part-time jobs

Published at

06-11-2025

Full UK/EU driving license preferred

No

Car Preferred

No

Must be eligible to work in the EU

No

Cover Letter Required

No

Languages

English