Security Analyst - Crypto

Job#: 3030270

Job Description:
Position Overview

The Business Information Security Officer (BISO) is a subject matter professional (SMP) within the Technology Risk & Cybersecurity Compliance (TRACC) team under the Cybersecurity Services organization. The Digital Assets BISO acts as the primary cybersecurity risk liaison and advisor for business units engaged in cryptocurrency- and digital asset-related products, services, and vendor partnerships.

This role ensures that all digital asset initiatives adhere to enterprise cybersecurity policies and procedures, while enabling innovation in a secure and compliant manner.

The Digital Assets BISO will oversee vendor cybersecurity controls, conduct comprehensive risk assessments, guide business and technology teams on policy and standards, and support compliance and audit activities. The role requires strong domain knowledge of crypto ecosystems, custody/security models, and third-party risk management, along with effective communication skills to bridge cybersecurity, engineering, and business functions.
Key Responsibilities
1. Cybersecurity Governance & Business Alignment

• Serve as the embedded security partner for Digital Assets business teams, aligning security requirements with product and operational objectives.
• Translate enterprise cybersecurity policies and procedures into practical, actionable expectations for digital asset initiatives.
• Participate in project planning, architecture reviews, and roadmap discussions to ensure secure design and regulatory alignment.
• Support risk exception, risk acceptance, and mitigation processes.

2. Digital Asset & Cryptocurrency Risk Assessments

• Lead end-to-end cybersecurity risk assessments for digital asset products, crypto custody models, wallet operations, blockchain integrations, and supporting vendors.
• Evaluate risks related to private key management, wallet operations, smart contract risks, node infrastructure, and transaction processes.
• Document risks, recommend compensating controls, and track remediation to closure.

3. Vendor Cybersecurity Oversight

• Own the security risk lifecycle for digital asset vendors-from due diligence and contract negotiation to ongoing monitoring.
• Review vendor cybersecurity evidence (SOC 2, penetration tests, questionnaires, cloud posture).
• Ensure contractual controls for data protection, breach notification, crypto asset handling, and regulatory adherence.
• Track and drive remediation of vendor findings.

4. Education, Policy, and Standards Enablement

• Educate business, engineering, and operations teams on enterprise cybersecurity policies and secure practices.
• Develop crypto-specific security training and guidance.
• Promote a culture of security awareness.

5. Compliance, Audit, and Regulatory Support

• Prepare and coordinate internal and external audit activities.
• Ensure controls operate effectively and evidence is complete.
• Support alignment with SEC, FINRA, OCC, FFIEC, and other regulatory expectations.

6. Cyber Incident Preparedness & Response

• Collaborate with Cyber Operations and Incident Response teams for crypto-specific incident preparedness.
• Contribute to playbooks for key compromise, vendor breaches, on-chain exploits, and blockchain outages.

7. Risk Reporting & Executive Communication

• Produce business-focused reporting on residual risk, vendor posture, assessment outcomes, KRIs, and audit findings.
• Present risks and recommendations to leadership.

Qualifications

• Bachelor's degree in Information Security, Computer Science, Engineering, or a related field.
• 7+ years of experience in cybersecurity or technology risk.
• Experience with digital assets, blockchain, or crypto custody/security.
• Familiarity with cybersecurity frameworks including NIST CSF, NIST 800-53, SOC 2, and FFIEC.
• Strong communication and risk articulation skills.

Preferred Qualifications

• Cybersecurity-related certification such as CISSP, CISM, CRISC, CCSP, CISA, or similar.
• Crypto-focused credentials or blockchain training.
• Knowledge of key management systems, smart contract risks, and cloud security.
• Experience with Governance, Risk, and Compliance (GRC) platforms.

Locations: Southlake/South Mountain, TX | Lone Tree, CO | Phoenix, AZ

Onsite expectation: 4 DAYS ONSITE/1 DAY REMOTE (Friday)

Pay range: $53-$57/hr W2

Contract length: 6+ months

Note: We are unable to consider C2C or third-party submissions.

If you are interested, please apply directly or email an updated copy of your resume to

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process. Click for more details.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.