Information Security Officer

Founded and headquartered in Dubai, the United Arab Emirates, BitOasis is a leading venture-backed, regulated virtual assets retail trading and custody platform for the GCC and wider Middle East and North Africa region.

Job Description: Infosec Officer (CISO)

The Infosec Officer will be responsible for enterprise vision, strategy, and program to guarantee that information assets and technologies are suitably protected. This role includes creating and executing security policies, procedures, and programs to safeguard networks, data, and systems from online attacks, with a particular focus on the unique challenges presented by Web 3.0 technologies. The  will collaborate closely with other business leaders to manage security risks, coordinate security initiatives with business goals, and ensure adherence to pertinent laws and standards.

Responsibilities:

• Develop and implement a comprehensive information security strategy to protect the organization’s assets, with a specific emphasis on securing Web 3.0 technologies, including blockchain, smart contracts, decentralized applications (dApps), and digital assets.
• Establish and enforce security policies, procedures, and standards to safeguard the organization’s data and systems, ensuring that these measures are adapted to the decentralized and distributed nature of Web 3.0 environments.
• Lead the development and implementation of an enterprise-wide information security program that addresses both traditional IT infrastructure and emerging Web 3.0 technologies.
• Conduct regular security risk assessments and audits, including evaluations of smart contracts, consensus mechanisms, and cryptographic protocols, to identify vulnerabilities and ensure compliance with regulatory requirements.
• Oversee the management of security incidents and investigations, with a focus on detecting and mitigating threats specific to Web 3.0, such as vulnerabilities in decentralized finance (DeFi) platforms and non-fungible tokens (NFTs).
• Collaborate with engineering/technology and other departments to integrate security measures into the organization’s technology infrastructure, including Web 3.0 components such as blockchain nodes, peer-to-peer networks, and tokenized assets.
• Develop and manage the information security budget, ensuring efficient allocation of resources to high-priority initiatives, including the implementation of Web 3.0 security tools and platforms.
• Stay current with emerging security threats and technologies, particularly in the Web 3.0 space, and adapt strategies accordingly to mitigate risks.
• Provide regular reports to senior management and the board of directors on the status of the information security program, including risk assessments, incidents, and compliance, with specific insights into Web 3.0-related risks.
• Lead the organization’s response to security audits and assessments conducted by external parties, including those related to Web 3.0 technologies.
• Promote a culture of security awareness across the organization through training and awareness programs, with a focus on the risks and best practices associated with Web 3.0.
• Collaborate with legal and compliance teams to ensure adherence to relevant laws and regulations, including data privacy laws and those specifically related to blockchain and digital assets.
• Develop and maintain strong relationships with external stakeholders, including regulatory bodies, industry associations, and security vendors, particularly in the Web 3.0 ecosystem.
• Oversee the selection and implementation of security solutions, including firewalls, intrusion detection/prevention systems, encryption technologies, and Web 3.0-specific tools such as blockchain analysis platforms and smart contract auditing tools.
• Manage and mentor a team of security professionals, providing guidance, coaching, and career development opportunities, with an emphasis on building expertise in Web 3.0 security.
• Ensure the organization’s security certifications (e.g., ISO 27001, NIST Cybersecurity Framework) are maintained and updated, and pursue new certifications or standards relevant to Web 3.0 technologies.
• Develop and implement a robust incident response plan to address potential security breaches, including those unique to decentralized environments, and minimize impact.

• Bachelor’s degree in computer science, information technology, or a related field; advanced degree preferred.
• 8+ years of experience in information security, with at least 8 years in a senior leadership role.
• Strong knowledge of information security standards and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls) and their application in both traditional and Web 3.0 environments.
• Proven experience in developing and implementing comprehensive information security programs, including strategies for securing Web 3.0 technologies.
• Solid understanding of risk management principles and practices, with experience in assessing and mitigating risks in decentralized and blockchain-based environments.
• Experience conducting security risk assessments and developing mitigation strategies for both traditional IT and Web 3.0 technologies.
• In-depth knowledge of regulatory requirements related to information security, data privacy, and Web 3.0 technologies.
• Strong leadership skills with the ability to inspire and motivate teams.
• Exceptional communication and interpersonal skills, with the ability to interact effectively at all levels of the organization.
• Analytical mindset with the ability to think critically and solve complex problems, particularly in the context of Web 3.0 security challenges.
• Detail-oriented with strong organizational and project management skills.
• Ability to navigate and influence in a complex and fast-paced business environment.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are highly desirable. Knowledge or certification in blockchain security is a plus.
• High ethical standards and a commitment to maintaining confidentiality and integrity.
• Excellent business acumen and a commercial outlook, with a deep understanding of the evolving Web 3.0 landscape.
• An approved person by CBB is desirable.