
Job Title : Chief Information Security Officer

Company : Kotti Capital

Location : Melbourne, Australia

Created : 2025-07-22

Job Type : Full Time


Job Description

The Chief Information Security Officer (CISO) will serve as the senior executive responsible for establishing and maintaining the group-wide information security roadmap for the Kotti Capital family office and its Principal. This role is critical in protecting the principal in their personal operations, as well as the firm's digital asset/cryptocurrency holdings, while providing strategic cybersecurity guidance for technology investments and new venture incubation.

This position offers an outstanding opportunity for an accomplished security professional to leverage their technical expertise while expanding their exposure to investment strategy and broader business operations.

Key Responsibilities

Develop and Implement Internal Security Infrastructure

- Design and execute a comprehensive cybersecurity strategy aligned with the family office's objectives and risk tolerance.
- Develop tailored threat intelligence programs focusing on risks specific to the family, such as targeted social engineering, theft of cryptocurrency, extortion, or reputational attacks (e.g., doxxing or defamation campaigns).
- Perform a full audit of current controls, and upgrade the system to meet the principal's risk tolerance.
- Identify and prioritize security risks specific to the family office's operations, including investments, personal data, and third-party relationships.
- Establish a risk management framework to assess, mitigate, and monitor cyber threats.
- Create, update, and enforce information security policies, standards, and procedures tailored to the family office's needs.
- Implement programs to detect and mitigate insider threats, including disgruntled employees, family members, or trusted advisors with access to sensitive systems.

Information Security Leadership

- Security Strategy Development: Lead the development and implementation of comprehensive information security strategies to protect digital assets, cryptocurrency holdings, and trading systems from internal and external cyber threats. You will establish security policies, standards, and operating procedures that align with business objectives and risk mitigation requirements.
- Risk Management: Conduct continuous risk assessments, vulnerability analyses and red-teaming exercises across all digital infrastructure, with particular focus on cryptocurrency custody and trading platforms. Implement robust security controls including multi-signature wallets, cold storage protocols, and hot/cold wallet separation.
- Compliance Oversight: Ensure and report on compliance with internal policies and procedures. Maintain adherence to industry standards such as ISO 27001, SOC 2, and the NIST Cybersecurity Framework.

Personal Security Implementation

- Collaborate with physical security teams to ensure a holistic approach to protecting family office assets, including residences, offices, and travel.
- Integrate physical and cybersecurity measures to address risks such as insider threats or unauthorized access.
- Personal Security: Develop and execute a high-assurance personal security program to protect principals and family members against sophisticated, persistent threats from nation-state actors, organised cybercrime groups, and other advanced adversaries. Collaborate with private intelligence firms, cyber forensics experts, and law enforcement on attribution, incident response, and legal countermeasures to hostile campaigns across all the principal's assets: residences, cars, travel.
- Airgapping & Device Hardening: Implement zero-trust architecture and air-gapped infrastructure for signing transactions where appropriate for high-value individuals and assets. Manage secure provisioning of hardened devices (e.g. custom firmware, hardware-based encryption, cellular anonymization) for principals and close contacts.
- Travel Assurance: Coordinate cross-border security protocols for international travel, including counter-surveillance, risk mapping, and diplomatic risk review. Advise on secure travel practices, including location obfuscation, secure itinerary management, and geofencing controls.
- Threat Monitoring & Staff Training: Monitor deep and dark web intelligence sources for targeted campaigns, impersonation, doxxing, or tracking linked to state actors. Lead personal operational security (OPSEC) training for principals, household staff, and inner circle (e.g. travel secrecy, account hygiene, social engineering resistance). Establish incident response protocols for personal data breaches, identity theft, stalking, and other digital or physical security threats.

Cryptocurrency and Digital Asset Security

- Custody Security: Oversee and design secure storage and management of cryptocurrency private keys.
- Trading Platform Security: Ensure robust security measures for cryptocurrency trading operations including proof of reserves, withdrawal whitelisting, and real-time monitoring systems.
- Incident Response: Develop and maintain incident response plans and playbooks specific to cryptocurrency-related security events including potential hacks, fraud attempts, and wallet compromises.

Investment Due Diligence and Technology Assessment

- Tech Investment Analysis: Provide cybersecurity due diligence for potential technology investments, evaluating proposed or reported security postures, compliance status, and risk profiles. Assess factors including data protection measures, incident response capabilities, and regulatory compliance.
- Venture Security Assessment: Support new venture planning by analysing cybersecurity requirements and costs for proposed technology initiatives. Evaluate security implications of a broad range of emerging technologies including AI, blockchain, health, and fintech solutions.
- Due Diligence Framework: Develop comprehensive cybersecurity assessment frameworks for investment decisions, including evaluation of intellectual property protection, data security practices, and third-party risk management.

Operational Security Management

- Threat Hunting: The role includes responsibility for evaluating business activities in conjunction with comprehensive logging and monitoring practices. This encompasses the use of behavioral analysis and anomaly detection to rapidly identify potential threats and ensure proactive protection of organisational assets.
- Vendor and Partner Management: Manage a network of technology partners and contractors, including developers and engineers, to ensure effective collaboration and high standards of delivery. Establish and maintain a third-party security risk assessment framework, enabling thorough evaluation of current and prospective partners to safeguard organisational interests and maintain robust security across all external engagements.
- Infrastructure Management: Maintain and secure IT infrastructure across multiple sites and locations. This encompasses oversight of systems such as Jamf, Cisco, Zscaler, Apple and Chrome devices, as well as a comprehensive suite of modern security tools including Endpoint Detection and Response (EDR), Privileged Access Management, biometric authentication, and others.
- Security Monitoring: Implement continuous monitoring systems for threat detection and response across all digital infrastructure. Establish security operations center (SOC) capabilities or manage third-party security services.
- Stakeholder Communication: Translate complex security concepts into business terms for senior leadership and family office stakeholders. Provide regular security briefings and incident reports to the executive team and board members.

Employee Training and Awareness

- Develop and deliver cybersecurity awareness training for family office staff, family members, and relevant stakeholders.
- Promote a culture of security awareness to reduce risks from phishing, social engineering, and other human-related vulnerabilities.
- Provide guidance on secure handling of sensitive information in both digital and physical environments.
- Provide regular reports to family office principals and management on the state of cybersecurity, incidents, and risk mitigation efforts.

What We're Looking For

- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field would be advantageous.
- 10-15 years of progressive experience in information security roles, with at least 5 years in senior leadership positions.
- Demonstrated experience in environments with rapidly emerging, customised/targeted and sophisticated threats.
- Proven track record in technology investment due diligence and cybersecurity assessments.
- Strong communication and presentation skills.
- Executive-level self-direction and autonomy, with well-developed skills to self-manage to targets (OKRs).
- Strong project management and vendor management capabilities.
- Previous experience in sectors where emergent threats (including zero-day attacks) are frequent (including financial services, defense, critical national infrastructure) or in family office environments.
- Knowledge of regulatory requirements for cryptocurrency businesses and financial services.

What You'll Receive

- Extremely competitive remuneration against market and bonuses for exceptional performance.
- Professional development, health and book budgets.
- Work with an extremely capable and motivated team.
- Opportunity to learn about a variety of different sectors that the firm works across.
- Operate in an environment where your role is of the highest priority to the principal, their family, and the firm's individuals.

Application Instructions

To submit your application, please email ciso-role (at) kotti (dot) capital with your resume in Docsend format and a brief explainer detailing why you are the ideal fit for the role.

Seniority level : Executive

Employment type : Full-time

Job function : Information Technology

Industries : Investment Management