Chief Technology Officer

Our client is a VARA-regulated Virtual Asset Service Provider (VASP) committed to maintaining the highest standards of security, governance, regulatory compliance, and operational resilience. We are seeking an experienced Chief Technology Officer (CTO) to lead the firm's technology strategy, cybersecurity framework, digital asset infrastructure, and operational technology governance.

The CTO will serve as a key function holder responsible for ensuring the security, availability, scalability, and regulatory compliance of the firm's technology environment, including trading systems, wallet infrastructure, custody integrations, and cybersecurity controls

.

Key Responsibilities

Technology Leadership

• Develop and execute the company's technology strategy in alignment with business objectives and regulatory requirements.
• Oversee all technology platforms supporting virtual asset activities, including trading infrastructure, liquidity integrations, custody solutions, and operational systems.
• Ensure high availability, resilience, and scalability of all technology services.

Cybersecurity & Information Security

• Own and maintain the Information Security Management Framework.
• Lead cybersecurity governance, risk assessments, vulnerability management, penetration testing, and incident response programs.
• Ensure compliance with VARA cybersecurity, technology governance, and operational resilience requirements.
• Report material technology and cyber risks to senior management and the Board.

Digital Asset Infrastructure & Wallet Governance

• Oversee wallet management architecture and security controls.
• Ensure appropriate governance around key management, MPC arrangements, transaction authorization processes, and access controls.
• Review and approve wallet security policies and procedures.
• Coordinate with custody providers and third-party service providers supporting wallet operations.

Regulatory & Compliance Responsibilities

• Act as a key technology representative during regulatory reviews, audits, and inspections.
• Support the preparation and maintenance of regulatory submissions, business plans, policies, and governance documentation.
• Ensure technology operations align with AML/CFT, data protection, outsourcing, and cybersecurity requirements.
• Maintain appropriate documentation and evidence of technology governance activities.

Third-Party & Vendor Management

• Oversee relationships with liquidity providers, custody providers, technology vendors, cloud providers, and cybersecurity service providers.
• Conduct due diligence and ongoing monitoring of critical service providers.
• Assess concentration risks associated with technology and operational dependencies.

Governance & Reporting

• Participate in management committees and governance forums.
• Provide regular reporting on technology performance, cybersecurity posture, operational resilience, and emerging risks.
• Support business continuity planning and disaster recovery testing.

Required Qualifications

Education

• Bachelor's degree in Computer Science, Information Security, Engineering, or a related discipline.
• Master's degree preferred.

Professional Certifications (Preferred)

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• CCSP, AWS Security, or equivalent cloud-security certifications
• Blockchain or digital asset security certifications are advantageous

Experience Requirements

• Minimum 10 years of technology leadership experience.
• Minimum 5 years in financial services, fintech, digital assets, cryptocurrency exchanges, custody providers, or regulated financial institutions.
• Demonstrated experience implementing cybersecurity and information security frameworks.
• Experience with wallet infrastructure, MPC technology, key management controls, and digital asset custody solutions.
• Experience engaging with financial regulators and regulatory examinations.
• Experience managing third-party technology and security vendors.

Technical Competencies

• Information security governance and risk management.
• Cloud infrastructure and architecture.
• Blockchain technologies and digital asset ecosystems.
• Wallet security and key management controls.
• Network security and incident response.
• Technology operations and resilience management.
• Regulatory technology and compliance frameworks.

Leadership Competencies

• Strong ethical standards and integrity.
• Excellent communication and stakeholder management skills.
• Ability to challenge and escalate technology risks appropriately.
• Strong decision-making and problem-solving capabilities.
• Demonstrated ability to operate within a regulated environment.

Fit and Proper Requirements

The successful candidate must:

• Be of good repute, integrity, and professional standing.
• Have no history of fraud, financial misconduct, regulatory sanctions, or serious disciplinary actions.
• Demonstrate competence, capability, and relevant experience for the role.
• Be capable of performing the responsibilities of a senior management function within a VARA-regulated VASP.
• Successfully complete background screening, reference checks, and regulatory fit-and-proper assessments.
• Disclose any conflicts of interest, outside business activities, or regulatory investigations.
• Meet all applicable VARA requirements for key personnel and senior management appointments.

Key Performance Indicators (KPIs)

• Technology platform uptime and resilience.
• Cybersecurity maturity and incident management effectiveness.
• Regulatory compliance and audit outcomes.
• Successful completion of security assessments and penetration tests.
• Timely remediation of technology and security risks.
• Operational efficiency and scalability of technology infrastructure.
• Effective governance and oversight of wallet and custody arrangements.