COINS.XYZ Digital Markets is the Brazilian arm of the COINS.PH group, a leading licensed Virtual Asset Service Provider in Southeast Asia. We are establishing a regulated Virtual Asset Service Provider (SPSAV) in Brazil under the new framework of Law 14,478/2022 and Central Bank of Brazil (BCB) Resolutions 519, 520 and 521 of 2025, operating as a broker (intermediation + custody) with FX services.

We are hiring a Statutory Director of Cybersecurity and Incident Response, a role formally required under Article 14, III, "e" of BCB Resolution 520/2025. The Director will be registered with the Central Bank of Brazil and will bear personal regulatory responsibility for the cybersecurity posture of a fully regulated crypto-asset exchange and custodian.

### Key Responsibilities

Design, implement and maintain the Cybersecurity Policy, the Incident Response Plan, and the Cloud Services Contracting Policy, in line with BCB Resolution 85/2021 and BCB Resolution 520/2025.

Oversee the protection of private keys and the custody architecture (cold/hot/warm wallets, MPC, multisig, HSM).

Lead the security operations function (SOC/SIEM, threat intelligence, vulnerability management, pentests, red-team).

Ensure timely reporting of relevant incidents to the BCB, ANPD (LGPD) and other authorities, and coordinate post-incident remediation.

Manage third-party and cloud risk (vendor due diligence, contractual safeguards, BCB notification regime for relevant IT contracts).

Integrate cybersecurity into the broader risk framework alongside the Risk, Compliance, AML and IT functions.

Build and lead the cybersecurity team; embed a security-by-design culture.

Represent the company before regulators, auditors and the Board on cybersecurity matters.

Mandatory Requirements

Brazilian residency (mandatory for statutory directors of BCB-regulated entities).

Unblemished reputation, no criminal convictions in the offences listed in Article 11 of BCB Resolution 519/2025, no current disqualification or suspension in any regulated financial institution, no bankruptcy, no BCB rejection in the past three years.

Demonstrated technical capacity and knowledge of the cybersecurity domain compatible with BCB Normative Instruction 712/2025 and CMN Resolution 4,970/2021 fit & proper standards.

Willingness to undergo BCB authorisation procedures and ongoing supervisory scrutiny.

### Qualifications

Bachelor's degree in Computer Science, Information Security, Engineering or equivalent; postgraduate degree preferred.

10+ years of cybersecurity experience, with at least 5 years in leadership roles within financial institutions, fintechs, crypto exchanges or critical-infrastructure environments.

Hands-on expertise in: cryptographic key management, blockchain and smart-contract security, cloud security (AWS/GCP), SOC operations, DLP, IAM/PAM, threat modelling, incident response and digital forensics.

Working knowledge of BCB Resolution 85/2021, BCB Resolution 520/2025, LGPD (Law 13,709/2018), ISO 27001, NIST CSF 2.0 and PCI DSS.

Industry certifications such as CISSP, CISM, CCSP, CCSK, CISA or equivalent.

Fluent Portuguese and advanced English.

Differentiators

Prior experience as a statutory officer in a BCB or CVM-regulated institution.

Experience supporting a BCB authorisation process or implementing a cybersecurity programme from the ground up.

Direct experience in crypto-asset exchanges, custodians or wallet providers.

Familiarity with international VASP frameworks (FATF, MAS, MiCA).

Director of Cybersecurity & Incident Response (Brazil)

Other open roles at CoinStats(6)