CISO – Web3 Security

P2P.org is the largest institutional staking provider with a TVL of over $10B and a market share exceeding 20% in restaking. We are continually focused on researching and improving our infrastructure to extract maximum APR while enhancing security. For instance, in ETH and SOL, our NRR is on average 10% higher than the market, and in DOT, it’s 20% higher. We also place significant focus and resources on launching new networks such as TON, Avail, Monad, Babylon, Story, Berachain, and others, along with yield products. From restaking, where we are the largest operator with a 20+% market share, to yield aggregators on stablecoins. Our clients include BitGo, Copper, Crypto.com, Ledger, ByBit, Bitget, OKX, HTX, Bitvavo, SBI, and others, who choose us for our client‑centric approach and extensive product line from unified API to widgets and custom dApps. We are also actively expanding our product line, exploring RWA, data, yield, and service products for banks, exchanges, custodians, and wallets. P2P.org unites talented individuals globally. Despite our distributed team, we share a passion for decentralized finance – a fairer system for all. We code, learn, create, and connect to shape finance’s future. P2P.org boasts a strong reputation and network. We prioritize customer satisfaction and, as tech enthusiasts, develop innovative solutions that bolster our brand. We are seeking an experienced Chief Information Security Officer (CISO) to define and execute our global security strategy. This role is pivotal in protecting our infrastructure, products, and clients against evolving threats while ensuring compliance with industry‑leading security frameworks. As a senior leader, you will oversee a team of cybersecurity engineers, work closely with engineering and product, and ensure security is embedded across all aspects of product development and operations.

Responsibilities

• Strategy & Leadership
• Define and drive the company‑wide cybersecurity strategy aligned with business, regulatory, and client needs.
• Build, lead, and mentor a high‑performing team of cybersecurity and ICs engineers.
• Serve as executive‑level liaison to regulators, auditors, clients, and (future) board committees.
• Partner with Risk, Legal, and Compliance teams to ensure readiness for public company standards (e.g., SOX, SEC disclosure requirements, risk management frameworks).
• Security Architecture & Engineering
• Lead hands‑on technical work: penetration testing, exploit research, vulnerability assessments, and secure architecture reviews.
• Design and enforce security patterns for blockchain infrastructure, validator nodes, smart contracts, and cryptographic systems.
• Oversee architecture reviews, threat modeling, and code reviews for critical systems (web, API, mobile, blockchain).
• Build and maintain security architecture diagrams, process flows, and technical risk assessments.
• Operations & Compliance
• Establish and oversee security operations, monitoring, and incident response capabilities.
• Drive compliance with SOC 2, ISO 27001, GDPR, PCI DSS, and other regulatory/security frameworks.
• Prepare the company for future licensing and regulatory regimes (e.g., MiCA, U.S. state/federal regimes, MAS, FCA).
• Collaboration & Enablement
• Partner with product and engineering teams to embed security into the SDLC.
• Work with vendors and partners to validate and ensure secure integration.

Promote a strong security culture through training, awareness, and leadership.

Requirements

• Experience
• 8+ years of proven experience in cybersecurity, software engineering, or computer science with a focus on security.
• 5+ years developing security programs or defining secure architectures.
• 3+ years directly managing cybersecurity engineers.
• Demonstrated experience preparing organizations for public company requirements (SOX ITGC, enterprise risk, audit readiness).
• Prior exposure to regulatory environments (FCA, SEC, ESMA, MAS, etc.) and licensing processes for fintech/crypto firms.
• Skills & Knowledge
• Deep technical expertise in penetration testing, threat modeling, and secure systems architecture.
• Strong knowledge of cloud‑native security (AWS, GCP, Oracle cloud PaaS/IaaS/serverless).
• Stong knowledge of k8s security
• Familiarity with blockchain, crypto custody, validator infrastructure, and smart contract attack vectors.
• Proficiency in multiple programming languages (Python, Go, C/C++, JavaScript).
• Strong knowledge of common attacks and vulnerabilities (OWASP Top 10, SANS CWE 25).
• Expertise in security operations, SIEM, SOC design, incident response, and forensic analysis.
• Familiarity with CI/CD pipelines, DevSecOps practices, and agile methodologies.
• Certifications (preferred)
• CISSP, CISM, OSCP, OSWE, OSCE, CEH, Security+, GSEC.
• Cloud security certifications (AWS/GCP).

Audit/regulatory certifications (CISA, CRISC) a plus. At P2P.org we have a team of experts with their own unique approach and ownership culture. Together we gain experience and make dreams come true!

• Fully remote
• Full‑time contractor (Indefinite‑term Consultancy Agreement)
• Competitive salary level in $ (we can also pay in crypto)
• Paid vacation and sick leave
• Well‑being program
• Mental Health care program
• Compensation for education, including foreign language & professional growth courses
• Equipment & co‑working reimbursement program
• Overseas conferences, community immersion

P2P.org is committed to providing equal opportunities. All applicants will be considered without regard to race, color, national origin, religion, sex, sexual orientation, gender identity, veteran status, or disability. Apply tot his job Apply To this Job