Job Description

About RockWallet

Rock Solid. Rock Confident.

RockWallet is a financial technology company made up of people who think differently about how digital assets can be managed, accessed, and used.

At RockWallet, our vision is for anyone to access and thrive in the digital economy. It's our mission to help you make the most of the opportunities available by building products that empower people to navigate digital asset usage easily, securely, and with confidence. Our self-custodial, multicurrency wallet puts you in charge of your digital assets. RockWallet's app makes it quick and easy to buy, use, store, and swap top cryptocurrencies, all in one place, on your mobile. RockWallet is registered with FinCEN as a Money Service Business. Find out more here at www.rockwallet.com.

About the Role

The Vice President, Information Security, will serve as a key executive leader, responsible for developing and executing a comprehensive, enterprise-wide information security strategy. Reporting to the Chief Operating Officer and serving as a critical member of the executive management team, the Vice President, Information Security, will lead all information security initiatives, ensuring RockWallet maintains industry-leading standards for security and regulatory compliance in a rapidly evolving landscape

This role is remote with a preference for applicants based in Canada and in the Eastern Time Zone (ET).

Key Responsibilities

Develop and execute a comprehensive information security and risk management strategy aligned with RockWallet's business objectives and regulatory obligations, harmonized across US and EU entities. Build, lead, and mentor a global team of security and risk professionals, fostering high performance, collaboration, and operational excellence. Establish, implement, and maintain security policies, standards, and procedures to safeguard information assets across the organization (incl. DORA-compliant ICT risk management framework for European RockWallet group's entity). Own the design and oversight of incident classification, notification and response processes, disaster recovery, and business continuity planning. Plan and oversee operational resilience testing (scenario-based BCP/DR with defined RTO/RPO, and, where appropriate, threat-led exercises); track remediation and present results to executive leadership and Board/Committees. Lead the organization's third-party/vendor risk management program end-to-end and ensure compliance with all relevant frameworks (e.g., SOC2, ISO 27001, EU DORA, GDPR). This would involve oversight regarding due diligence, contractual safeguards (audit inspection rights, incident SLAs, data location/access, sub-outsourcing, exit/portability), performance monitoring, and maintenance of the outsourcing/ICT register. Embed privacy-by-design: DPIA (data protection impact assessment) governance, data minimization/retention, cross-border transfer controls, coordinated breach response. Oversee the implementation and continuous improvement of security awareness and training programs for all employees. Collaborate with IT, Product, Legal, Compliance and Executive teams to integrate security into product design, development, and operations. Monitor and report on key security metrics, risks, incidents, and organizational compliance to executive leadership and the Board. Ensure compliance with global privacy and cybersecurity regulations and lead audits with external regulators and partners. Provide executive guidance on emerging threats, technologies, and best practices in the cybersecurity sphere.

Qualifications

10+ years of progressive experience in information security, with at least 3 years in a senior or executive leadership role within globally distributed organizations. Proven track record in building, leading, and developing high-performing security teams. In-depth knowledge of industry standards and regulatory frameworks (SOC2, ISO 27001, PCI-DSS, EU DORA, GDPR). Hands-on depth in cloud security (AWS preferred), vulnerability management, incident response and secure DevSecOps. Executive communication and Board reporting; budget ownership and risk-based decision-making. Experience developing, implementing, and managing enterprise risk management, incident response, and disaster recovery strategies. Strong understanding of information security architecture, threat landscape, and emerging technologies. Exceptional leadership, communication, and executive influencing skills. Bachelor's degree in Information Security, Computer Science, or a related field required (Master's or relevant certifications such as CISSP, CISM, or CISA preferred).

Benefits

Work from home Benefits A competitive salary Diverse and dynamic work environment Work-life balance and support for career development

How to Apply:

Please submit your resume in our preferred file - .PDF not in .DOC. Thank you.

We thank all interested applicants; however, only those under consideration will be contacted.

RockWallet, LLC is an Equal Employment Opportunity/ Veterans/Disabled/LGBT and Affirmative Action employer. We are committed to diversity and building a team that represents a variety of backgrounds, perspectives, and skills. We do not discriminate, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global diverse team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together.