Chief Information Security Officer

About the team: 

The Chief Information Security Officer (Europe) will provide regional oversight of cybersecurity, technology risk, and privacy risk management for Robinhood Crypto’s European operations. This role will work in close coordination with Robinhood’s centralized U.S. Security and Privacy teams to ensure that European-specific regulatory requirements—such as those under the NIS2 Directive, the Digital Operational Resilience Act (DORA), and GDPR security and privacy provisions—are effectively met, documented, and integrated into global risk frameworks.

The CISO (Europe) will serve as the primary point of contact in the region for regulatory responses related to cybersecurity and technology risk. The ideal candidate will be a seasoned risk and security leader with a strong understanding of European regulatory frameworks, cross-border data flows, and a collaborative approach to managing evolving risks in a dynamic and regulated environment.

No licenses are required.

What you’ll do day-to-day:

• Review and monitor adherence to European cybersecurity regulations (e.g., NIS2, DORA, GDPR security provisions).
• Coordinate and contribute to regulatory filings, audits, or inquiries (e.g., preparing evidence for EU supervisory authorities). Serve as a regional SME on crypto-related regulatory expectations, particularly around MiCA, AML/CFT, and privacy/security of blockchain-based systems.
• Collaborate with Legal, Risk, and Compliance to align on interpretations of regulatory guidance.
• Act as an advisor to product, engineering, and business teams on secure design principles and operational risks tied to the European market. In addition, partner with global product and engineering teams to review new crypto product launches, token listings, or integrations for security and compliance risks.
• Monitor cybersecurity risk posture specific to European operations.
• Oversee third-party vendor assessments from a regional risk perspective, including support for data residency or encryption requirements.
• Coordinate with Procurement and Legal for vendor onboarding or reassessments.
• Serve as a regional conduit for U.S.-led security operations, incident response, threat intelligence, and security architecture.
• Flag or escalate local threats, regulatory risks, or tooling gaps to the global security team.
• Localize global security policies or standards for the European context.
• Support security-by-design reviews, especially for European customer-facing features or partnerships.
• Deliver security awareness or training content customized for EU audiences, where relevant.
• Monitor and support security controls specific to digital assets, such as secure key management, wallet infrastructure, custody models (e.g., MPC, HSMs), and blockchain protocol-level risks.
• Coordinate with U.S. cybersecurity and crypto-specific security functions on threat intel, blockchain forensics, or emerging vulnerabilities (e.g., smart contract risks, bridge exploits).

About you:

• 5- 8+ years in cybersecurity, risk, or information security governance roles, with experience in the EU regulatory landscape.
• Proven experience working in or closely with a cryptocurrency exchange, digital asset custodian, or blockchain-based platform.
• Deep familiarity with European cybersecurity laws (NIS2, MiCA, DORA, GDPR Art. 32) and frameworks (ISO 27001, NIST CSF).
• Experience working with or responding to supervisory authority inquiries, inspections, or regulatory requests
• Demonstrated ability to interpret and operationalize regulatory requirements into practical policies or controls.
• Experience engaging with European regulators or auditors, especially in the fintech or financial services sector.
• Strong collaboration and communication skills, especially across borders and time zones.
• Ability to work independently, balancing oversight duties with influence—not control—of operational execution.

Bonus points:

• Experience working with or supporting a centralized/global security team from a satellite or regional function.
• Experience with MiCA and DORA implementation or acting as a CISO in a VASP, or similar financial institution
• Familiarity with third-party risk management tools and processes.
• Certifications such as CISSP, CISM, CIPP/E, ISO 27001 Lead Auditor, or equivalent.
• Knowledge of cloud-native security principles, AWS preferred
• Knowledge of chain analytics tools (e.g., Chainalysis, TRM Labs) or experience partnering with such vendors.
• Multilingual abilities (e.g., English + Lithuanian or German) can be helpful in regulator communications.