COINS.XYZ Digital Markets is the Brazilian arm of the COINS.PH group, a leading licensed Virtual Asset Service Provider in Southeast Asia. We are establishing a regulated Virtual Asset Service Provider (SPSAV) in Brazil under the new framework of Law 14,478/2022 and Central Bank of Brazil (BCB) Resolutions 519, 520 and 521 of 2025, operating as a broker (intermediation + custody) with FX services.
We are hiring a Statutory Director of Cybersecurity and Incident Response, a role formally required under Article 14, III, "e" of BCB Resolution 520/2025. The Director will be registered with the Central Bank of Brazil and will bear personal regulatory responsibility for the cybersecurity posture of a fully regulated crypto-asset exchange and custodian.
Key Responsibilities
- Design, implement and maintain the Cybersecurity Policy, the Incident Response Plan, and the Cloud Services Contracting Policy, in line with BCB Resolution 85/2021 and BCB Resolution 520/2025.
- Oversee the protection of private keys and the custody architecture (cold/hot/warm wallets, MPC, multisig, HSM).
- Lead the security operations function (SOC/SIEM, threat intelligence, vulnerability management, pentests, red-team).
- Ensure timely reporting of relevant incidents to the BCB, ANPD (LGPD) and other authorities, and coordinate post-incident remediation.
- Manage third-party and cloud risk (vendor due diligence, contractual safeguards, BCB notification regime for relevant IT contracts).
- Integrate cybersecurity into the broader risk framework alongside the Risk, Compliance, AML and IT functions.
- Build and lead the cybersecurity team; embed a security-by-design culture.
- Represent the company before regulators, auditors and the Board on cybersecurity matters.
Mandatory Requirements
- Brazilian residency (mandatory for statutory directors of BCB-regulated entities).
- Unblemished reputation, no criminal convictions for the offences listed in Article 11 of BCB Resolution 519/2025, no current disqualification or suspension in any regulated financial institution, no bankruptcy, and no BCB rejection in the past three years.
- Demonstrated technical capacity and knowledge of the cybersecurity domain compatible with BCB Normative Instruction 712/2025 and CMN Resolution 4,970/2021 fit & proper standards.
- Willingness to undergo BCB authorisation procedures and ongoing supervisory scrutiny.
Qualifications
- Bachelor's degree in Computer Science, Information Security, Engineering or equivalent; postgraduate degree preferred.
- 10+ years of cybersecurity experience, with at least 5 years in leadership roles within financial institutions, fintechs, crypto exchanges or critical-infrastructure environments.
- Hands-on expertise in: cryptographic key management, blockchain and smart-contract security, cloud security (AWS/GCP), SOC operations, DLP, IAM/PAM, threat modelling, incident response and digital forensics.
- Working knowledge of BCB Resolution 85/2021, BCB Resolution 520/2025, LGPD (Law 13,709/2018), ISO 27001, NIST CSF 2.0 and PCI DSS.
- Industry certifications such as CISSP, CISM, CCSP, CCSK, CISA or equivalent.
- Fluent Portuguese and advanced English.
Differentiators
- Prior experience as a statutory officer in a BCB or CVM-regulated institution.
- Experience supporting a BCB authorisation process or implementing a cybersecurity programme from the ground up.
- Direct experience in crypto-asset exchanges, custodians or wallet providers.
- Familiarity with international VASP frameworks (FATF, MAS, MiCA).

