About Keyrock
Since our beginnings in 2017, we've grown to be a leading change-maker in the digital asset space, renowned for our partnerships and innovation.
Today, we rock with over 200 team members around the world. Our diverse team hails from 42 nationalities, with backgrounds ranging from DeFi natives to PhDs. Predominantly remote, we have hubs in London, Brussels, Singapore and Paris, and host regular online and offline hangouts to keep the crew tight.
We are trading on more than 80 exchanges, and working with a wide array of asset issuers. As a well-established market maker, our distinctive expertise led us to expand rapidly. Today, our services span market making, options trading, high-frequency trading, OTC, and DeFi trading desks as well as digital asset management. Keyrock is looking to expand and establish itself as a full-service financial institution through both organic innovation and inorganic growth.
But we’re more than a service provider. We’re an initiator. We're pioneers in adopting the Rust Development language for our algorithmic trading systems, and champions of its use in the industry. We support the growth of Web3 startups through our Accelerator Program. We upgrade ecosystems by injecting liquidity into promising DeFi, RWA, and NFT protocols. And we push the industry's progress with our research and governance initiatives.
At Keyrock, we're not just envisioning the future of digital assets. We're actively building it.
Role summary
As a Senior Security Program Manager, you will drive execution of Keyrock’s highest-priority security initiatives across a fast-moving, always-on trading environment. You’ll build structure, visibility, and predictable delivery across security programs—partnering with Engineering, Infrastructure/Cloud, Trading/Quant Engineering, IT, Risk/Compliance, and leadership to reduce risk while enabling business velocity.
This role is ideal for someone who can translate security strategy into delivery: clear roadmaps, measurable outcomes, and strong cross-functional coordination.
What you’ll doProgram leadership & delivery
- Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
- Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
- Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
- Support the CISO in delivering firmwide initiatives.
Security governance, risk, & control initiatives
- Partner with Security and Engineering teams to drive key initiatives such as: access governance, secrets management, vulnerability remediation, security logging/monitoring improvements, endpoint/security baseline, and secure SDLC enablement.
- Help mature control coverage and evidence for internal/external assurance needs (as applicable in a financial-services context).
- Partner with the Director of GRC to support GRC and audit initiatives.
Incident readiness & operational resilience
- Partner with Security Operations to improve incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks—ensuring security response stays effective in a high-availability trading environment.
Cross-functional influence
- Act as the “glue” across technical and business stakeholders—clarifying ownership, unblocking delivery, and keeping programs moving with crisp communication.
- Build lightweight, scalable processes that improve security consistency without slowing teams.
What success looks like (first 6–12 months)
- A clearly prioritized security program roadmap with measurable KPIs and predictable execution.
- Improved security readiness for key business areas, aligned with Keyrock’s activities (market making, OTC, options, treasury).
- Higher stakeholder confidence via clear reporting, risk transparency, and consistent program delivery.
Minimum qualifications
- 7+ years in security program management / technical program management / security operations program delivery.
- Demonstrated experience running cross-functional programs across engineering and operations (scope, schedule, risks, dependencies).
- Strong technical fluency in cloud/infra, identity/access, vulnerability management, security monitoring, and incident processes.
- Excellent written/verbal communication with the ability to translate complex risk into clear priorities.
Preferred qualifications
- Experience in fintech, trading, payments, or digital assets, especially environments requiring high uptime and rapid execution.
- Familiarity with security frameworks (NIST CSF, ISO 27001) and audit/assurance concepts.
- Experience supporting security programs that intersect with financial integrity domains (e.g., AML/CFT awareness is a plus given Keyrock’s financial-services context).
- Relevant certifications (e.g., CISM, CISSP, CISA, CRISC, PMP) or equivalent demonstrated expertise.