
Security · APAC · Hybrid / Remote
Crypto Asset Custody & Security Lead (DORA‑Aligned)
Help reinvent global finance with secure, resilient digital asset infrastructure. At Reap, you'll be the security backbone behind our custody operations, shaping how private keys are protected, how wallets operate at scale, and how our ICT controls meet DORA with confidence. You'll blend hands‑on security engineering with governance craft, raising the bar on operational resilience across our products and platforms.
Security at Reap
Reap builds financial connectivity for a multi‑rail world: traditional finance, stablecoins, and real‑time payments. Security is foundational to that mission. We're looking for a pragmatic engineer who can turn regulation into robust systems, and complex threats into clear controls. You'll partner with Engineering, Risk, and Operations to keep value moving safely, globally, and 24/7.
What you'll do
Custody security engineering
Operate and harden custody environments across hot, warm, and cold storage.
Own key lifecycle controls: secure creation, rotation, backup, recovery, and destruction, aligned to DORA secure ICT operations (Art. 9).
Support and evolve multisig flows, HSMs, and offline signing patterns.
Monitor wallet transaction flows and signals for anomalies, abuse, and drift.
Establish secure configuration baselines, hardening guides, and change controls for custody systems.
Enforce strict segregation of duties and RBAC in line with DORA principles (Art. 6).
Administer SSO integrations and joiner‑mover‑leaver lifecycle for custody participants.
Drive MFA everywhere it matters, least‑privilege defaults, and periodic access reviews.
Co‑author policies, standards, and procedures for custody security and change management (Art. 5).
Keep control inventories, evidence, and audit‑ready documentation current.
Run or support risk assessments for keys, wallets, and asset movement (Art. 8).
Contribute to oversight of third‑party custody providers and critical vendors (Art. 30).
Tune monitoring for custody alerts: wallet anomalies, access violations, and key events.
Triage, escalate, and document incidents in accordance with DORA (Art. 17-19).
Maintain DR procedures for custody systems and key backups (Art. 28) with tested RTO/RPO.
Design and run resilience scenarios: key loss, wallet malfunction, chain instability.
Partner with Product, Platform, Data, and Compliance to land controls that scale.
Turn regulatory expectations into clear, testable engineering outcomes.
Communicate risk and trade‑offs crisply to technical and non‑technical stakeholders.
Hands‑on experience in crypto custody, blockchain operations, or digital asset security.
Deep understanding of custody risks: key compromise, misuse of signing authority, replay and chain instability.
Practical knowledge of SSO, IAM/RBAC, MFA enforcement, and SoD in high‑sensitivity environments.
Familiar with ICT governance and risk management under DORA (Art. 5-9) and operational resilience and incident obligations (Art. 17-20, 28-30).
Strong documentation discipline and an evidence‑first mindset.
Experience in a regulated financial or digital asset institution.
Exposure to institutional custody platforms and enterprise KMS/HSMs.
Audit readiness and control testing background, e.g., SOC 2 or ISO 27001.
Relevant security or blockchain certifications or equivalent demonstrated expertise.
Systems thinker with a builder's bias, able to ship secure defaults and iterate.
Clear communicator who can translate regulation into engineering patterns.
High integrity and reliability in sensitive custody domains.
Multisig wallets, HSMs, hardware wallets, and offline signing setups.
Secure key ceremonies, tamper‑evident backup, and recovery playbooks.
Monitoring and analytics across wallet activity, access, and infra posture.
Change management, evidence collection, and control automation.
Direct impact on DORA‑aligned custody controls and operational resilience.
A front‑row seat at the intersection of security engineering and governance.
Influence over security architecture and custody operating models.
Growth paths into governance, architecture, or custody security leadership.
A vibrant, inclusive work culture.
Annual leave to relax and recharge, plus public holidays.
Health insurance budget.
Be part of a fast‑growing global team.
Flexible remote work options.
Home office equipment budget.
Your own Corporate Reap Card: no more out‑of‑pocket spending.
Reap is a leading global payment technology provider that enables financial connectivity and access for businesses worldwide. By merging traditional finance with digital assets, bridging disparate economies, and connecting key financial players, we are transforming the financial landscape into a more interconnected and interoperable space for efficient money movement.
With stablecoin‑enabled corporate cards, payout solutions, and expense management tools, we streamline financial operations and empower businesses to scale. Our APIs enable businesses to embed finance into their own products and services, from issuing Visa cards to facilitating cross‑border payments.
Reap is supported by a strong network of investors, including Acorn Pacific Ventures, Arcadia Funds, HashKey Capital, Hustle Fund, Fresco Capital, Abacus Ventures, and Payment Asia.
Founded in 2018
Coworkers 300+
Job ID: 146959913