CEX.IO Europe is in the final stages of obtaining authorisation under the EU Markets in Crypto-Assets Regulation (MiCA) as a Crypto-Asset Service Provider (CASP) in Spain. As part of our regulatory readiness and local substance requirements, we are actively recruiting a Spain‑based Money Laundering Reporting Officer (MLRO).
A continuación se detalla todo lo que necesita saber sobre lo que implica esta oportunidad, así como lo que se espera de los solicitantes.
The CISO will be the primary local official responsible for ensuring the digital operational resilience of CEX.IO Europe S.L. in accordance with Regulation (EU) 2022/2554 (DORA).
The CISO’s core mandate is to maintain an effective local capacity for decision‑making, supervision, and questioning over all ICT functions delegated to the servicer company, part of the group. This includes the explicit authority to understand, supervise, question, approve, reject, or nullify any technical action, proposal, or recommendation from the Group service provider that impacts EU operations.
The CISO is responsible for the independent management of technology and cyber risks within the Spanish jurisdiction, ensuring operational substance and digital resilience. The CISO acts as the principal technical liaison and accountable officer for the CNMV and Bank of Spain on all cybersecurity, DORA compliance, and DLT‑related supervisory matters.
Responsibilities
* DORA & MiCA Governance: Lead the implementation and maintenance of the ICT risk management framework to meet CNMV and ESMA standards
* Oversight of Delegated Functions: Supervise and control ICT services provided by CEX.IO Ltd (UK), including cloud infrastructure, software development, and security operations
* ICT Risk Management: Identify, assess, and mitigate technological risks. xpzdshu Conduct annual reviews of the Business Impact Analysis (BIA) and the ICT Risk Assessment
* Incident Management: Act as the ultimate authority for initiating the Incident Response Plan (IRP) for high and critical levels. Coordinate the notification of major incidents to the CNMV within mandated timelines (4h/72h/30 days)
#J-18808-Ljbffr