Head of IT Security

At Trezor, we’ve always valued security more than anything else. After all, that’s why came up with Trezor and a couple of other widely adopted standards. Since the very early days, we’ve been aware of the risks that stem from poor security policies and strategies any company or an individual could have in place. Subsequently, implementing all risk mitigation measures we had at our disposal was one of the first things that we did and this step has definitely contributed to our success on the global market.

Now, as we’re growing bigger than ever, we feel the next step should be to hire a Head of IT security. We’re looking for someone who goes beyond creating safe policies and guidelines on paper - we’re looking for someone who will also implement, maintain and optimize practical security steps that will ensure that security is the top priority throughout the entire company.

If data security is your cup of tea, this could be just the job for you.

What will your duties be?

Your work should cover these main areas:

1. Innovation and proactivity

You will be expected to do research and discover our weak spots yourself. We want you to take the initiative. We want you to investigate, identify problems and then collaborate with the relevant Heads to improve their departments’ security.

2. Securing our products

You will help us improve our products from a security perspective. This may involve negotiating penetration testing from an external partner or dealing with various security incidents. You’ll help coordinate and communicate on these topics.

3. PII

We are determined to keep our customers’ data safe. We gather as little data as possible from our customers and are pushing our third parties to do the same. You’ll help us in this quest.

4. Physical security and company equipment

Though COVID has changed our working habits, we still have a huge office that’s open to all our colleagues and hosts a lot of equipment. Regular audits are necessary, as well as coming up with suggestions on what we could improve, how we could ensure that only authorized people get inside and that we only use secured tools.

5. Security practices

Here you’ll just develop processes that we’ve grown used to. Make sure every single person knows how to work with sensitive, or even secret data and knows how to avoid falling for a phishing scam. You’ll stress the importance of 2FA, password managers, and other measures. This applies to physical security as well (see nr. 4).

We’d like to focus on regular, company-wide prevention, rather than ad hoc reminders not to do this or that.

6. Paperwork

As we’ve established our brand on the global market, it’s essential to know what restrictions, responsibilities, and regulations we’re facing in individual countries and make sure we are fully compliant wherever it's possible. This goes along with some necessary paperwork.

So, this is the job description in a nutshell. We’ll be happy to provide you with more details during the hiring process, you can count on that.

What makes you the perfect candidate?

• you have previous experience in the field of information security, even better if it’s your hobby
• you strive to enhance security for the whole company with practical reasons, not just to tick some boxes
• you’re good at planning, negotiating, and setting priorities
• you can easily communicate with other colleagues, formulate security requirements, and/or build a thread model together
• you can think outside the box and identify some risks no one else is aware of
• you can communicate complex topics to less technically skilled peers
• you understand security is a trade-off and you’ll therefore not push for security at the cost of usability, unless it is strictly necessary

What will you get in return?

• financial compensation based on your skills and experience
• possibility to receive part of your compensation in BTC
• a lot of flexibility (home office is a company standard these days)
• friendly working environment
• budget for professional development (training programs, courses, and workshops of your choice)
• other benefits like a MultiSport card, company mobile phone tariff, on-site gym, foosball, billiard table, PS4, 3D printer, etc.
• free on-site parking

If you think your profile fits the description above, please don't hesitate to submit your CV, together with a cover letter. We’ll definitely get in touch with you as soon as we review your application, most likely within a week.