At Trezor, we’ve always valued security more than anything else. After all, that’s why came up with Trezor and a couple of other widely adopted standards. Since the very early days, we’ve been aware of the risks that stem from poor security policies and strategies any company or an individual could have in place. Subsequently, implementing all risk mitigation measures we had at our disposal was one of the first things that we did and this step has definitely contributed to our success on the global market.
Now, as we’re growing bigger than ever, we feel the next step should be to hire a Head of IT security. We’re looking for someone who goes beyond creating safe policies and guidelines on paper - we’re looking for someone who will also implement, maintain and optimize practical security steps that will ensure that security is the top priority throughout the entire company.
If data security is your cup of tea, this could be just the job for you.
Your work should cover these main areas:
1. Innovation and proactivity
You will be expected to do research and discover our weak spots yourself. We want you to take the initiative. We want you to investigate, identify problems and then collaborate with the relevant Heads to improve their departments’ security.
2. Securing our products
You will help us improve our products from a security perspective. This may involve negotiating penetration testing from an external partner or dealing with various security incidents. You’ll help coordinate and communicate on these topics.
We are determined to keep our customers’ data safe. We gather as little data as possible from our customers and are pushing our third parties to do the same. You’ll help us in this quest.
4. Physical security and company equipment
Though COVID has changed our working habits, we still have a huge office that’s open to all our colleagues and hosts a lot of equipment. Regular audits are necessary, as well as coming up with suggestions on what we could improve, how we could ensure that only authorized people get inside and that we only use secured tools.
5. Security practices
Here you’ll just develop processes that we’ve grown used to. Make sure every single person knows how to work with sensitive, or even secret data and knows how to avoid falling for a phishing scam. You’ll stress the importance of 2FA, password managers, and other measures. This applies to physical security as well (see nr. 4).
We’d like to focus on regular, company-wide prevention, rather than ad hoc reminders not to do this or that.
As we’ve established our brand on the global market, it’s essential to know what restrictions, responsibilities, and regulations we’re facing in individual countries and make sure we are fully compliant wherever it's possible. This goes along with some necessary paperwork.
So, this is the job description in a nutshell. We’ll be happy to provide you with more details during the hiring process, you can count on that.
If you think your profile fits the description above, please don't hesitate to submit your CV, together with a cover letter. We’ll definitely get in touch with you as soon as we review your application, most likely within a week.