About the Role
You will establish the information security strategy for the EU entity and drive the security program to protect assets and data. You will lead incident response, regulatory reviews, and compliance efforts, and you will implement an ISO 27001-certified ISMS aligned with DORA, MiCA, and BaFin requirements. You will strengthen security policies and controls across networks and data, oversee risk assessments, coordinate with global security teams, and foster a security-first culture throughout European operations. You will report security status to senior management.
Requirements
- 6 to 10 years of experience in information security, with at least 3 years in a senior or lead CISO role within a regulated financial services or fintech environment.
- Deep knowledge of BaFin regulatory requirements, DORA (Digital Operational Resilience Act), and MiCA, with hands-on experience implementing controls to meet these frameworks.
- Proven experience managing or operating under ISO 27001-certified ISMS; CISM, CISSP, or equivalent certification strongly preferred.
- Strong understanding of ICT risk management, third-party risk, and operational resilience requirements as defined under DORA.
- Experience interfacing directly with financial regulators (BaFin or equivalent EU national competent authority) on security matters.
- Familiarity with digital asset infrastructure, custody technology, and the unique security considerations of blockchain-based systems is a strong advantage.
- Excellent written and verbal communication skills in both English and German; ability to produce regulatory-quality documentation and board-level reporting.
- Demonstrated ability to build and lead cross-functional security initiatives in a fast-paced, international organization.
- Strong analytical and risk-based thinking; able to balance regulatory compliance with pragmatic, business-enabling security design.
- Based in or willing to relocate to Frankfurt; this is an on-site role with limited home-office agreement possible.
Responsibilities
- Serve as the designated Chief Information Security Officer (CISO) for BitGo Europe GmbH, fulfilling all regulatory obligations under BaFin, DORA, and MiCA requirements.
- Develop, implement, and maintain the information security management system (ISMS) in accordance with ISO 27001 and applicable EU regulatory standards.
- Lead the identification, assessment, and treatment of ICT and information security risks across the European entity, in alignment with DORA's ICT risk management framework.
- Act as the primary point of contact with BaFin and other EU regulatory bodies on all information security matters, audits, and supervisory inquiries.
- Own and oversee the incident response and ICT-related incident reporting processes, ensuring timely notification to regulators as required under DORA.
- Define and enforce security policies, standards, and controls covering network security, access management, cryptographic asset protection, and operational resilience.
- Conduct and coordinate regular security assessments, penetration tests, vulnerability management, and third-party ICT risk reviews.
- Collaborate with Group-level security and compliance teams to align European security posture with global BitGo standards while meeting local regulatory requirements.
- Provide security awareness training and foster a security-first culture across the Frankfurt office and European operations.
- Report regularly to senior management and the Management Board on the state of information security, open risks, and remediation progress.
Benefits
- Competitive base salary, bonus, and stock options
- Access to global, group-wide experts in the crypto industry
- Free custom lunches, dinners, and snacks
- Computer equipment and workplace furniture to suit your needs
- Great colleagues and inspiring environment