Head of IT Foundational Controls
| Company | OKX |
|---|---|
| Location | San Jose, CA, USA |
| Salary | $240000 – $360000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |
Requirements
- Prior Experience Leading Technology Audit Teams in the Crypto Exchange/Crypto Product Space is Highly Preferred.
- Advanced SQL Analytical Skills: Ability to perform complex queries, data modeling, and statistical analysis on large datasets from various sources (transactional databases, blockchain data, log files) for in-depth audit evidence, impact analysis, and anomaly detection.
- Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
- Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
- IT General Controls Auditing: Comprehensive knowledge of ITGCs with an emphasis on how they apply to the unique components of a crypto exchange, ensuring controls are robust enough for assets with irreversible transactions.
- Change Management Auditing: Expertise in evaluating change management processes for highly sensitive systems like hot/cold wallets, smart contracts, and core exchange matching engines, emphasizing strict approval, rigorous testing, and immediate incident response for failed changes.
- Access Management Auditing: Deep-dive capability to assess user provisioning/deprovisioning, privileged access management for critical crypto infrastructure (e.g., private keys, multisig wallets, liquidity pools), and complex segregation of duties across financial and technical roles.
- Data Protection Auditing: Advanced understanding of cryptographic key management, hardware security modules (HSMs), multi-party computation (MPC), and the ability to audit robust data protection measures for private keys, customer funds, and sensitive personal data.
- Secure Software Development Life Cycle (SDLC) Auditing: Expertise in auditing secure SDLC methodologies specifically for smart contracts, blockchain nodes, and exchange applications, including formal verification, fuzz testing, and secure coding practices.
- IT Operations Auditing: Ability to assess the effectiveness of IT operational controls for always-on, high-availability crypto exchange platforms, including real-time monitoring, automated incident response, disaster recovery for blockchain data, and continuous patching.
- Risk Management Principles for IT Foundational Controls: Advanced grasp of risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
- Knowledge of Specific Regulatory Requirements impacting IT controls: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs)) and how these translate to technical controls relevant to ITGCs.
Responsibilities
- Lead and manage a global IT foundational controls audit team, including driving the technology foundational control audit strategy as well as hiring and developing individuals across key regions.
- Drive the execution of global IT Foundational Controls (ITGC) audit programs, ensuring comprehensive coverage and adherence to best practices, with a specific focus on high-volume crypto environments.
- Collaborate effectively with functional and regional portfolio leads to provide expert IT foundational controls testing support for standalone and integrated audits, ensuring controls are robust enough for assets with irreversible transactions.
- Develop and implement advanced audit methodologies tailored to the unique complexities of blockchain technology, crypto exchanges, and decentralized systems, particularly concerning access management, change management, and data protection.
- Provide strategic guidance and insights on emerging foundational control risks and their implications in the cryptocurrency space to senior leadership.
Preferred Qualifications
- Prior Experience Leading Technology Audit Teams in the Crypto Exchange/Crypto Product Space is Highly Preferred.