Cybersecurity Manager
Job Overview
◾️Company Overview
Gaudiy Financial Labs (GFL) is a pioneering WEB 3.0 company that is newly venturing into the financial technology space with the initiation of its financial lab. We are building a new, small engineering team composed of highly talented, highly motivated, and highly compensated engineers. This is a rare opportunity to work on systems that will be built from scratch. We are looking for an experienced Cybersecurity Manager to join this dynamic team.
◾️Role Explanation
As our Cybersecurity Manager, you will be responsible for establishing and leading our entire information security function. This is a foundational leadership role that combines strategic vision with hands-on execution. You will define and implement the company’s cybersecurity strategy, governance, and controls to protect customer assets, trading infrastructure, and corporate systems. Working closely with executives, engineering, compliance, and legal teams, you will ensure the company meets the highest standards of security, regulatory compliance, and operational resilience required of a licensed crypto exchange in Japan. Your leadership will directly influence how we build trust with customers, regulators, and partners as we scale our platform securely and responsibly.
◾️Responsibilities
▼Security Governance & Leadership
- Develop, implement, and continuously enhance the company’s Information Security Management System (ISMS) aligned with ISO/IEC 27001, NIST, and JFSA expectations.
- Build and manage security and compliance roadmaps covering governance, risk, and compliance (GRC).
- Lead security audits (internal, SOC 1, SOC 2, ISO 27001) and coordinate with regulators, auditors, and third-party assessors.
- Report cybersecurity posture, risks, and metrics to the executive team and board of directors.
- Partner with Legal and Compliance teams to ensure adherence to data protection regulations (e.g., APPI, GDPR, CPRA).
▼Operational & Technical Security
- Define and own the company’s technical security architecture and operational security policies across cloud infrastructure, internal systems, and customer-facing platforms.
- Establish a cloud security governance model, setting the policy for secure deployment and operations on Google Cloud Platform (GCP) and other cloud environments, including the use of the GCP Cybersecurity Toolkit and native controls for IAM, workload protection, and compliance monitoring.
- Define the company’s Identity and Access Management (IAM) and authentication architecture, setting requirements for identity providers (IdP), token-based authentication (e.g., JWT), and federation frameworks (SAML, OIDC, OAuth 2.0). Develop policies and requirements for advanced authentication models, including SSO, MFA, passwordless access (e.g., Passkey / WebAuthn), and Client-Initiated Backchannel Authentication (CIBA) to support secure and compliant financial-grade access patterns.
- Establish guidelines for Financial-grade API (FAPI) compliance in API security, ensuring alignment with emerging OpenID and Open Banking security standards.
- Define and oversee the approach to service mesh and microservice security, including policy and architecture for zero-trust networking, mutual TLS, and secure service communication using technologies such as Istio and Envoy as potential enablers.
- Define the company’s approach to crypto and blockchain security, including policies for wallet management, key lifecycle control, custody security, and smart contract assurance, referencing modern blockchain standards such as ERC-4337 (account abstraction) and EIP-7702 (authorization model).
- Set the security requirements for DevSecOps, ensuring security is integrated throughout the SDLC, including secure code review, vulnerability management, and continuous monitoring.
- Define and manage policies for incident detection and response, threat intelligence, and monitoring, determining appropriate models for in-house operations vs. managed security service providers (MSSPs).
- Establish organization-wide standards for data protection, encryption, and key management, ensuring consistency across systems, regions, and regulatory requirements.
- Provide architectural guidance to ensure all security controls maintain a balance of risk mitigation, regulatory compliance, system performance, and user experience.
▼Risk & Compliance
- Conduct risk assessments and implement controls aligned with ISO 27001 Annex A and FISC guidelines.
- Lead business continuity (BCP) and disaster recovery (DR) planning and testing.
- Manage vendor risk management, third-party due diligence, and security reviews.
- Support internal and external compliance with AML/CFT and financial regulatory frameworks.
▼Culture & Leadership
- Serve as a security advocate across the organization, building awareness and ownership at all levels.
- Mentor technical and non-technical staff on security best practices.
- Plan for and build a future cybersecurity team as the company scales.
Required Skills
- 10+ years of experience in cybersecurity, IT risk management, or information assurance.
- Proven leadership in building or maintaining ISO/IEC 27001 and SOC 2 programs.
- Deep understanding of GRC, data protection laws, and audit readiness.
- Hands-on expertise in security infrastructure, cloud environments (AWS, GCP, Azure), and identity management systems.
- Experience in regulated industries such as fintech, banking, or crypto.
- Strong communication and leadership skills to influence executives and engineers alike.
- Fluent English; business-level Japanese or willingness to learn.
Preferred Skills
- Certifications such as CISSP, CISA, CISM, CySA+, or CCSK.
- Familiarity with JFSA and APPI requirements for crypto exchanges.
- Master’s degree in Cybersecurity or Information Assurance.
- Prior experience in building cybersecurity functions in startup or scale-up environments.
- Prior experience with blockchain technology and blockchain-specific security.
Application Overview
| Work Location | Gaudiy Financial Labs Akihabara office (4-minute walk from Kanda Station) |
|---|---|
| Probation Period | 6 months |
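Company Information
| Company Name | Gaudiy Inc. (株式会社Gaudiy) |
|---|---|
| Established | May 2018 |
| Head Office | Daiwa Sasazuka Building 6F, 1-64-8 Sasazuka, Shibuya-ku, Tokyo |
| Capital | 2,007,440,000 yen (including capital reserves; as of end of April 2023) |
| Number of Employees | 113 (as of end of April 2025) |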