Chief Information Security Officer

 Posted 5 hours ago
     
10+ years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Lead the global information security posture and serve as the designated officer for regulatory cybersecurity compliance, specifically for NYDFS and SEC requirements. Oversee the security of Agentic AI and Stablecoin settlement infrastructure while transitioning the organization to continuous controls monitoring.


Role Summary

Bakkt is seeking a strategic, Chief Information Security Officer (CISO) to lead our global information security posture and serve as our designated officer for regulatory cybersecurity compliance. This role is designed for an innovative leader who thrives at the intersection of modern engineering velocity and institutional-grade risk management.


As we scale our Agentic AI and Stablecoin settlement infrastructure, you will lead a progressive security function that moves far beyond "check-the-box" compliance. Reporting directly to executive leadership with a dotted line to the Board of Directors, you will have the authority to build a defensible, automated security program that serves as a core enabler for our business growth.


Key Responsibilities

Regulatory Ownership & Executive Governance

  • Designated Regulatory Authority: Serve as the designated CISO responsible for Bakkt's cybersecurity program in accordance with NYDFS Part 500 requirements. Oversee comprehensive annual risk assessments and manage our annual certification of compliance process.
  • SEC & Public Market Readiness: Lead our organizational process for determining the materiality of cybersecurity incidents. Oversee the timely preparation of all required disclosures and filings in accordance with public market regulations and governance standards.
  • Board Stewardship: Provide quarterly Material Security Risk briefings to the Audit Committee of the Board, translating complex infrastructure threats into actionable business risk metrics.
  • Global Expansion Support: Maintain and evolve our security controls to support international settlement expansion, aligning with global mandates as required (e.g., EU DORA, UK FCA, GDPR).
  • AI Governance & Stablecoin Infrastructure
  • Agentic AI Security: Establish the governance and security framework for autonomous AI agents, ensuring programmable money movement is resilient against prompt injection, model poisoning, and unauthorized agentic transactions.
  • Stablecoin Settlement Defense: Oversee the security of our end-to-end stablecoin lifecycle, ensuring the cryptographic integrity of minting/burning protocols and the security of reserve management interfaces.
  • Identity-First (Zero Trust) Architecture: Architect a comprehensive security model that applies consistent rigor to both human and non-human identities, implementing modern phishing-resistant authentication and zero-trust principles across the enterprise.
  • Continuous Compliance: Transition our operations from manual GRC to Continuous Controls Monitoring (CCM), ensuring audit evidence is generated in real-time through Policy-as-Code.
  • Security Engineering & DevSecOps
  • Seamless Security (Shift Left): Foster an internal culture where security is built-in from the start. Replace manual gatekeeping with automated guardrails integrated into our development pipeline, allowing engineers to ship securely without losing speed.
  • Smart Risk Management: Move beyond unprioritized vulnerability lists. Implement a threat-modeling process that prioritizes fixes based on real-world business impact, ensuring engineering teams focus on the risks that actually threaten our environment.

Operational Leadership & Resilience

  • Incident Response & Tabletops: Own the global Incident Response and Business Continuity plans. Lead high-stakes tabletop exercises simulating systemic financial failures and AI-driven fraud.
  • Third-Party Risk Management (TPRM): Manage the security lifecycle of critical banking and ICT partners, moving beyond point-in-time assessments to continuous, data-driven vendor monitoring.
  • Talent Development: Lead, develop, and motivate a high-performing team of security subject matter experts in our distributed, remote-first environment.Ideal Candidate Profile

Qualifications and Skills

  • The Standard: CISSP required, or a demonstrably equivalent executive credential (CISM, CCISO, or CISA).
  • Financial & Public Co. Pedigree: 12+ years in Information Security, with significant experience operating within a NYDFS-regulated or SEC-reporting public company environment.
  • Infrastructure Depth: Proven success leading security in distributed, cloud-driven (AWS/GCP) environments. Direct experience with stablecoin protocols or AI-driven financial tools is a strong advantage.
  • Preferred Education: Master’s degree (Cybersecurity, MIS, or MBA) and/or senior-level professional designations like GSLC or equivalent executive cybersecurity leadership training.
  • Leadership & Soft Skills
  • Strategic & Lateral Thinker: Ability to look at complex regulatory frameworks not as obstacles, but as tools for building robust, continuous process improvement.
  • Operational Resolve: Capable of leading difficult, high-stakes conversations where business velocity and regulatory safety intersect.
  • Agile Leadership: Proven ability to lead through ambiguity and rapid change. You are a decisive leader who can pivot strategies in real-time based on shifting market conditions while maintaining team focus on high-priority outcomes.
  • Collaborative Culture Builder: A sophisticated, modern approach to managing and motivating technical subject matter experts in a remote-first, high-growth environment.

Bakkt is devoted to having diversity in its workforce and is proud to be an equal opportunity employer. Bakkt does not make any employment decisions based on race, color, religion, sex, national origin, veteran status, disability, age, sexual orientation, gender identity or any other characteristic protected by law. Must successfully pass a post-offer background check and drug screen. 


California Candidate Privacy Notice
Before submitting your application, please review Bakkt's California Candidate Privacy Notice and Notice at Collection, which explains how Bakkt collects, uses, retains, and discloses applicant and candidate personal information during the recruiting process. The notice is available here: https://bakkt.com/candidate-privacy/

Similar Jobs

See all Remote Software Development jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Software Development

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified