CISO

About Paybis

Paybis is a leading cryptocurrency platform founded in 2014, serving 4.6 million users worldwide with €15M annual revenue. We operate in 180+ countries, supporting 30+ cryptocurrencies, 47 fiat currencies, and 40+ payment methods. As a self-funded, profitable company, we're expanding our B2B offerings including White Label solutions, Paybis Send API, and corporate services handling transactions up to $5M.

Our mission is to become the most trusted, not the largest, cryptocurrency platform. We hold licenses from FinCEN (US), FINTRAC (Canada), and VARA (Poland), with headquarters in Warsaw and a distributed team of 120 professionals.

The Role

We're seeking a battle-tested Chief Information Security Officer to own our security agenda and drive initiatives across our global operations. This is not a consultative role - you will directly command, implement, and enforce security strategy under pressure while aligning with business priorities and regulatory requirements including MiCA, DORA, ISO 27001, and SOC 2.

As Paybis's CISO, you'll formalize and scale our security function from current foundations to enterprise-grade capabilities, supporting both our consumer platform and rapidly growing B2B business.

Responsibilities

Strategic Security Leadership

  • Conduct comprehensive 90-day security assessment and present strategic roadmap to executive leadership
  • Develop and propose security budget based on risk assessment and business needs
  • Define optimal security team structure and hiring plan aligned with company growth
  • Establish security governance framework and risk management processes
  • Lead efforts to achieve ISO 27001 certification by 2026, building on existing PCI DSS Level 1 compliance
  • Create and maintain security policies for multi-jurisdiction operations (US, EU, Canada)
  • Drive final stages of MiCA and DORA compliance to meet EU regulatory requirements

Operational Excellence

  • Enhance existing 24/7 security monitoring capabilities and threat detection programs
  • Build comprehensive API security program to support B2B expansion and enterprise clients
  • Manage security across 180+ countries with varying regulatory requirements
  • Oversee security architecture for AWS cloud infrastructure and existing SSDLC processes
  • Collaborate with development teams on security priorities within existing CI/CD pipelines (SAST, SCA)

Risk & Compliance Management

  • Ensure compliance with MiCA, DORA, FinCEN, FINTRAC, VARA regulations
  • Prepare SOC 2 reports and maintain existing PCI DSS Level 1 certification
  • Build on recent external penetration testing (July 2025) to address identified findings
  • Manage third-party security risks across 40+ payment method integrations
  • Develop risk measurement frameworks to demonstrate ROI of security investments

Requirements

Essential Experience

  • 7+ years in cybersecurity with 3+ years in senior security leadership roles
  • Hands-on crisis management experience - must have personally led incident response for serious security events
  • Cryptocurrency/fintech industry background - direct experience with exchange security, digital assets, or regulated financial services
  • AWS cloud security expertise - practical experience designing and implementing security controls in enterprise AWS environments
  • Regulatory compliance leadership - hands-on experience obtaining ISO 27001, SOC 2, or PCI DSS certifications

Technical Expertise

  • Deep understanding of advanced persistent threat (APT) tactics, particularly groups targeting crypto companies (Lazarus Group/APT38)
  • Experience with DevSecOps integration and security automation in CI/CD pipelines
  • Knowledge of Multi-Party Computation (MPC), blockchain security, and wallet infrastructure
  • Proficiency with security frameworks: NIST, OWASP, CIS Controls
  • Experience with security tooling: SIEM, SOAR, vulnerability management, endpoint protection

Leadership & Communication

  • Executive presence - proven ability to interact confidently with C-level executives and board members
  • Experience translating technical risks into business language and securing budget approval
  • Track record of building security programs in resource-constrained environments
  • Excellent English communication skills; Russian language skills advantageous

Industry Knowledge

  • Understanding of cryptocurrency regulatory landscape (MiCA, DORA, AML/KYC requirements)
  • Experience with multi-jurisdiction compliance and international security standards
  • Knowledge of payment security standards and third-party risk management

Preferred Qualifications

  • Previous CISO or Head of Security role at fintech, crypto exchange, or regulated financial institution
  • Experience working with law enforcement on cybercrime investigations
  • Public speaking or thought leadership in cybersecurity domain
  • Professional certifications: CISSP, CISM, CISA, or equivalent
  • Experience with threat intelligence and security research

Conditions

What We Offer

Compensation & Benefits

  • Competitive salary: €120,000 gross annually
  • Performance-based bonus tied to security OKRs and compliance milestones
  • Professional development budget for conferences, training, and certifications
  • Flexible working arrangements with occasional travel for compliance audits and strategic meetings

Career Opportunity

  • CISO role with significant impact on company direction
  • Opportunity to build security program from established foundations to enterprise scale
  • Work with cutting-edge technology in the rapidly evolving crypto industry
  • Direct reporting relationship with CIO and regular interaction with CEO

Work Environment

  • Remote-first culture with team members across Europe
  • Collaborative, transparent working style aligned with company values
  • Access to modern security tools and technologies
  • Support for continuous learning and industry engagement

Hiring Process

Our comprehensive interview process consists of four stages designed to assess both technical expertise and cultural fit:

  1. Technical & Strategy Interview with Security Officers (1 hour 30 minutes) - In-depth assessment of security experience, crisis management scenarios, and strategic thinking capabilities
  2. Interview with CTO and CIO (45 minutes) - Evaluation of technical collaboration skills, DevSecOps integration approach, and alignment with technology strategy
  3. Head of HR Interview (30 minutes) - Cultural fit, compensation discussion, and logistics coordination
  4. Executive Interview with CEO (45 minutes) - Final assessment of executive readiness, vision alignment, and leadership potential

We aim to complete the entire process within 2-3 weeks.
