Parsed Structured
{
"language": "en",
"location": {
"raw": "Madrid, Madrid, Spain",
"city": "Madrid",
"region": "Madrid",
"country": "Spain",
"is_remote": false,
"confidence": 0.8
},
"salary_max": null,
"salary_min": null,
"inferred_at": "2026-06-06T10:30:06.659Z",
"launch_scope": {
"reason": "bamboohr_production_catalog",
"included": true,
"location": {
"raw": "Madrid, Madrid, Spain",
"city": "Madrid",
"region": "Madrid",
"country": "Spain",
"is_remote": false,
"confidence": 0.8
},
"countries": [
"Spain"
]
},
"remote_policy": null,
"salary_period": null,
"workplace_type": null,
"salary_currency": null
}Native Structured
{
"list_job": {
"id": "362",
"isRemote": null,
"location": {
"city": null,
"state": null
},
"atsLocation": {
"city": "Madrid",
"state": null,
"country": "Spain",
"province": "Madrid"
},
"departmentId": "19379",
"locationType": "1",
"jobOpeningName": "Chief Information Security Officer (CISO)",
"departmentLabel": "Management",
"employmentStatusLabel": "Part-Time"
},
"detail_errors": [],
"detail_job_opening": {
"location": {
"city": null,
"state": null,
"postalCode": null,
"addressCountry": null
},
"datePosted": "2026-05-14",
"atsLocation": {
"city": "Madrid",
"state": "Madrid",
"country": "Spain",
"countryId": "192"
},
"description": "<p><br><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">CEX.IO Europe is in the final stages of obtaining authorisation under the EU Markets in Crypto-Assets Regulation (MiCA) as a Crypto-Asset Service Provider (CASP) in Spain. As part of our regulatory readiness and local substance requirements, we are actively recruiting a Spain‑based Money Laundering Reporting Officer (MLRO).</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">The CISO will be the primary local official responsible for ensuring the digital operational resilience of CEX.IO Europe S.L. in accordance with Regulation (EU) 2022/2554 (DORA).</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">The CISO’s core mandate is to maintain an effective local capacity for decision-making, supervision, and questioning over all ICT functions delegated to the servicer company, part of the group. This includes the explicit authority to understand, supervise, question, approve, reject, or nullify any technical action, proposal, or recommendation from the Group service provider that impacts EU operations.</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">The CISO is responsible for the independent management of technology and cyber risks within the Spanish jurisdiction, ensuring operational substance and digital resilience. The CISO acts as the principal technical liaison and accountable officer for the CNMV and Bank of Spain, on all cybersecurity, DORA compliance, and DLT-related supervisory matters.</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\"><br>Responsibilities</span></p>\n<ul>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">DORA & MiCA Governance:</span><span style=\"font-family: Arial, sans-serif\"> Lead the implementation and maintenance of the ICT risk management framework to meet CNMV and ESMA standards</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Oversight of Delegated Functions:</span><span style=\"font-family: Arial, sans-serif\"> Supervise and control ICT services provided by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">ICT Risk Management:</span><span style=\"font-family: Arial, sans-serif\"> Identify, assess, and mitigate technological risks. Conduct annual reviews of the Business Impact Analysis (BIA) and the ICT Risk Assessment</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Incident Management:</span><span style=\"font-family: Arial, sans-serif\"> Act as the ultimate authority for initiating the Incident Response Plan (IRP) for high and critical levels. Coordinate the notification of major incidents to the CNMV within mandated timelines (4h/72h/30 days)</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Third-Party ICT Security:</span><span style=\"font-family: Arial, sans-serif\"> Supervise critical ICT third-party service providers, with a focus on monitoring and ensuring compliance with agreed SLAs, RPOs, and RTOs</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Custody Security:</span><span style=\"font-family: Arial, sans-serif\"> Oversee the security of crypto-asset custody solutions (Proprietary V2/V3 and external sub-custodians, like Coinbase). Ensure the integrity of MPC (Multi-Party Computation), HSM (Hardware Security Modules), and multisig signing processes.</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Secure SDLC Oversight:</span><span style=\"font-family: Arial, sans-serif\"> Supervise the Secure Software Development Life Cycle and validate security testing in pre-production (UAT) environments before deployment</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Resilience & DLT Testing:</span><span style=\"font-family: Arial, sans-serif\"> Approve and collaborate on operational resilience testing plans and specific tests regarding Distributed Ledger Technology (DLT)</span></span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif; font-weight: bold\">Inventory Management:</span><span style=\"font-family: Arial, sans-serif\"> Maintain a unified and centralized inventory of CEX.IO systems and infrastructure</span></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Requirements and Qualifications</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">University degree in Engineering, Computer Science, or Cybersecurity (ideally complemented by relevant certifications such as CISM or CISSP).</span></li>\n<li><span style=\"font-size: 12pt\"><span style=\"font-family: Arial, sans-serif\">Proven track record in building cybersecurity frameworks and complying with EU financial regulations (DORA, MiCA, PCI DSS)</span><span style=\"font-family: Arial, sans-serif\"><br><br></span></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Technical Knowledge:</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">Secure cloud architecture (specifically AWS environments)</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">Vulnerability management and monitoring tools (Grafana, Kibana, SIEM)</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 12pt\">Cryptographic protocols and secure private key management</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 12pt\"> Strong communication skills for interacting with regulators and the ability to lead global technical teams under a \"hub and spoke\" operational model</span></li>\n</ul>",
"compensation": null,
"departmentId": "19379",
"locationType": "1",
"seekPromoted": false,
"jobCategoryId": null,
"jobOpeningName": "Chief Information Security Officer (CISO)",
"departmentLabel": "Management",
"jobOpeningStatus": "Open",
"minimumExperience": null,
"jobOpeningShareUrl": "https://cexio.bamboohr.com/careers/362",
"employmentStatusLabel": "Part-Time"
}
}