Director of Cybersecurity & Incident Response (Fintech)

TL;DR

Director of Cybersecurity & Incident Response (Fintech): Responsible for designing, implementing, and maintaining the Cybersecurity Policy and Incident Response Plan for a regulated crypto-asset exchange and custodian with an accent on protecting private keys and custody architecture. Focus on leading security operations, managing third-party and cloud risk, and representing the company before regulators.

Location: Hybrid in Vila Velha, Espírito Santo, Brazil. Must have Brazilian residency.

Company

Coins.XYZ Digital Markets is the Brazilian arm of the hirify.global group, a leading licensed Virtual Asset Service Provider in Southeast Asia, establishing a regulated Virtual Asset Service Provider (SPSAV) in Brazil.

What you will do

• Design, implement, and maintain the Cybersecurity Policy, Incident Response Plan, and Cloud Services Contracting Policy.
• Oversee the protection of private keys and the custody architecture.
• Lead the security operations function (SOC/SIEM, threat intelligence, vulnerability management, pentests, red-team).
• Ensure timely reporting of incidents to the BCB, ANPD (LGPD) and other authorities, and coordinate post-incident remediation.
• Manage third-party and cloud risk.
• Build and lead the cybersecurity team and represent the company before regulators, auditors, and the Board.

Requirements

• Brazilian residency (mandatory for statutory directors of BCB-regulated entities).
• Unblemished reputation, no criminal convictions, disqualification, suspension, or bankruptcy.
• Demonstrated technical capacity and knowledge of the cybersecurity domain.
• Willingness to undergo BCB authorisation procedures and ongoing supervisory scrutiny.
• Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent.
• 10+ years of cybersecurity experience, with at least 5 years in leadership roles within financial institutions, fintechs, crypto exchanges, or critical-infrastructure environments.
• Fluent Portuguese and advanced English.

Nice to have

• Prior experience as a statutory officer in a BCB or CVM-regulated institution.
• Experience supporting a BCB authorisation process or implementing a cybersecurity programme from the ground up.
• Direct experience in crypto-asset exchanges, custodians, or wallet providers.
• Familiarity with international VASP frameworks (FATF, MAS, MiCA).