Paxos’ mission is to modernize finance by mobilizing assets at the speed of the internet. Paxos is building a future where all assets–from money to gold to securities–will be digitized and move instantaneously, 24/7. Settlement risk will cease to exist, so trillions of dollars of trapped capital can go to work in a global, frictionless economy. (Check out our Twitter feed for the latest news and information.)
Our Products include:
- Paxos Standard (PAX) is the world’s first regulated crypto asset, fully collateralized 1:1 by the U.S. dollar. This stablecoin offers a liquid, digital alternative to cash that is available 24/7 for instantaneous transaction settlement around the world. Launched in September 2018, it’s the most traded USD-backed stablecoin.
- itBit is a crypto-asset exchange with trading services including escrow, custody and OTC trading.
- Precious Metals: Based in London, our precious metals team works on a broad suite of products to simplify precious metals post-trade confirmations. The team launched Paxos Confirmation Service earlier this year. Since launch, the Paxos Confirmation Service has confirmed well over 100,000 trades with aggregate notional values in the hundreds of billions of dollars.
The Paxos Information Security team’s mission is to protect company assets and support the growth of the business by providing strategic management of all IS/Cybersecurity-related issues across the organization. The Information Security Manager joins a highly-integrated and dynamic that is driving essential program improvements needed to meet our strategic goals and satisfy rigorous regulatory requirements as a NY State Trust Company.
Reporting to the CISO, the Information Security Manager will manage all aspects of Paxos’ global IS program and provide leadership and guidance as a subject matter expert on the policies, processes, best practices, and functions of information security disciplines, technologies, and guidelines.
Who You Are:
- You have 3-5 years of strong, proven experience broadly across IS governance; IS qualification preferred (eg, CISSP, CISA, CISM)
- You have in-depth experience performing internal and third-party audits, including vendor intake and/or contract negotiations
- You have experience authoring exceptional documentation (eg, policies, standards, processes) and delivering engaging and effective security awareness training
- You have managed IS requirements within application security/ secure SDLC/ DevSecOps program(s)
- You have assessed cloud security (native and/or migration) and implemented effective controls; familiarity with AWS a plus
- You have driven organization change through delivering successful high-profile projects
What you’ll do:
- Document new and review existing IS policies to ensure alignment with organizational risks and business strategy and to drive continual improvement of the IS program
- Manage projects to deliver new and improved IS solutions; identify and evaluate potential third-party solutions as required
- Coordinate internal and third-party audit programs: monitor compliance with and performance of defined IS controls within the organization and also among service providers
- Provide direct training and day-to-day consultancy to employees and third-parties on IS policies and procedures; initiate, facilitate, and promote activities to improve awareness
- Own the risk register: manage ongoing identification, assessment, and treatment of IS risks
- Work with the Security Engineer and software engineering teams to monitor delivery of project-based IS requirements through the Software Development Life Cycle (SDLC)
- Coordinate response to assessments by regulators, auditors, clients, and/or certifying bodies, including NY State Department of Financial Services (NY 23 CRR 500) and SEC (Reg SCI)
- Manage Business Continuity/Disaster Recovery plans, including regular testing
- Manage and review cybersecurity incidents
What’s your favorite thing about working at Paxos?
Paxos is an equal opportunity employer. It does not discriminate on the basis of sex, age, color, race, religion, marital status, national origin, ancestry, sexual orientation, physical and mental disability, medical condition, genetic information, veteran status or any other basis protected by federal, state or local law.