Coins.ph

Director of Cybersecurity & Incident Response (Brazil)

Department: Brazil

Location: Vila Velha, Espírito Santo

COINS.XYZ Digital Markets is the Brazilian arm of the COINS.PH group, a leading licensed Virtual Asset Service Provider in Southeast Asia. We are establishing a regulated Virtual Asset Service Provider (SPSAV) in Brazil under the new framework of Law 14,478/2022 and Central Bank of Brazil (BCB) Resolutions 519, 520 and 521 of 2025, operating as a broker (intermediation + custody) with FX services.

We are hiring a Statutory Director of Cybersecurity and Incident Response, a role formally required under Article 14, III, "e" of BCB Resolution 520/2025. The Director will be registered with the Central Bank of Brazil and will bear personal regulatory responsibility for the cybersecurity posture of a fully regulated crypto-asset exchange and custodian.

Key Responsibilities

  • Design, implement and maintain the Cybersecurity Policy, the Incident Response Plan, and the Cloud Services Contracting Policy, in line with BCB Resolution 85/2021 and BCB Resolution 520/2025.
  • Oversee the protection of private keys and the custody architecture (cold/hot/warm wallets, MPC, multisig, HSM).
  • Lead the security operations function (SOC/SIEM, threat intelligence, vulnerability management, pentests, red-team).
  • Ensure timely reporting of relevant incidents to the BCB, ANPD (LGPD) and other authorities, and coordinate post-incident remediation.
  • Manage third-party and cloud risk (vendor due diligence, contractual safeguards, BCB notification regime for relevant IT contracts).
  • Integrate cybersecurity into the broader risk framework alongside the Risk, Compliance, AML and IT functions.
  • Build and lead the cybersecurity team; embed a security-by-design culture.
  • Represent the company before regulators, auditors and the Board on cybersecurity matters.

Mandatory Requirements

  • Brazilian residency (mandatory for statutory directors of BCB-regulated entities).
  • Unblemished reputation, no criminal convictions in the offences listed in Article 11 of BCB Resolution 519/2025, no current disqualification or suspension in any regulated financial institution, no bankruptcy, no BCB rejection in the past three years.
  • Demonstrated technical capacity and knowledge of the cybersecurity domain compatible with BCB Normative Instruction 712/2025 and CMN Resolution 4,970/2021 fit & proper standards.
  • Willingness to undergo BCB authorisation procedures and ongoing supervisory scrutiny.

Qualifications

  • Bachelor's degree in Computer Science, Information Security, Engineering or equivalent; postgraduate degree preferred.
  • 10+ years of cybersecurity experience, with at least 5 years in leadership roles within financial institutions, fintechs, crypto exchanges or critical-infrastructure environments.
  • Hands-on expertise in: cryptographic key management, blockchain and smart-contract security, cloud security (AWS/GCP), SOC operations, DLP, IAM/PAM, threat modelling, incident response and digital forensics.
  • Working knowledge of BCB Resolution 85/2021, BCB Resolution 520/2025, LGPD (Law 13,709/2018), ISO 27001, NIST CSF 2.0 and PCI DSS.
  • Industry certifications such as CISSP, CISM, CCSP, CCSK, CISA or equivalent.
  • Fluent Portuguese and advanced English.

Differentiators

  • Prior experience as a statutory officer in a BCB or CVM-regulated institution.
  • Experience supporting a BCB authorisation process or implementing a cybersecurity programme from the ground up.
  • Direct experience in crypto-asset exchanges, custodians or wallet providers.
  • Familiarity with international VASP frameworks (FATF, MAS, MiCA).