hero

Join the Unanimous Family

Your new chapter begins today.

Senior Analyst Security Compliance

Kraken

Kraken

IT, Legal
United States
Posted on Feb 6, 2024

Building the Future of Crypto

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

What makes us different?

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission.

As a fully remote company, we have Krakenites in 60+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.

Become a Krakenite and build the future of crypto!

Proof of Work

The Team

The Senior Analyst, Security Compliance is responsible for leading projects that support the global security compliance program and strategy as part of the governance, risk and compliance team. This includes overseeing the execution of external IT audits, providing technical or process oriented recommendations and collaborating closely with internal and external stakeholders of the information security management system, in addition to working on projects to remediate identified issues from ongoing or prior reviews.

The position will participate in the oversight of the security risk management process along with assessing, overseeing or monitoring the execution of security processes and controls, performing analysis, interviews, and reviews, along with creating or improving documentation, and providing feedback to stakeholders as necessary. The role will also assist with the implementation of controls by monitoring trends and developments to understand and implement plans to meet or exceed information technology focused regulatory requirements. The position entails demonstrating effective project management capabilities, collaboration skills with a wide variety of internal and external stakeholders, including reporting on status to upper management regularly and creating reports of results periodically.

The Opportunity

  • Implement, monitor, and support security processes/systems that will help ensure compliance with regulatory and financial industry requirements along with corporate policies and procedures

  • Conduct internal and external security assessments or audits to assess the design and/or the effectiveness of security and information technology general controls

  • You will be involved in certification and attestation engagements, such as SOC reporting, ISO certification, both from an external audit and internal implementation or oversight perspective

  • Develop, implement, or enhance cyber security policies and procedures in compliance with industry standards, regulations and leading practicesStay informed about changes in security regulations and ensure organizational adherence

  • Identify and recommend potential areas where existing security policies and procedures require change, or where a supplement is required to mitigate focal security risks. Partner with various business areas and stakeholders to enhance security policies/procedures and controls

  • Collaborate with external auditors to ensure compliance with industry standards

  • Work with administrators, developers and other stakeholders to remediate control deficiencies

  • Identify issues with underlying root causes regarding IT control deficiencies or gaps and develop actionable recommendations and oversee implementation of action plans for remediation

  • Enhance the third party risk management program through knowledge of leading practices

  • Analyze regulatory inspections and audit results for trends to support the security compliance team and work to develop supporting documentation or provide consultation to impacted stakeholders to maintain quality controls with supporting information and records

  • Ensure leading security practices are identified and integrated into all facets of ongoing projects

  • Creating data flow diagrams or process flowcharts for high-risk security or related processes

  • Monitoring and managing project progress and risks, and ensuring key stakeholders are kept informed about progress and expected outcomes and that concerns are flagged early

Skills you should HODL

  • Bachelor’s degree from an accredited institution, MBA or other advanced degree preferred

  • 5 years of experience in technical information security roles, namely external or internal IT audit, security risk management, governance, or compliance or similar

  • Demonstrated ability to lead cross-functional projects and lead projects involving remediation of identified control gaps or improvements to closure

  • Knowledge of ISO/IEC 27001, PCI-DSS, SOC 1, SOC 2, ITIL, COBIT, CCSS and NIST

  • Knowledge of integrated financial audit engagements, especially involving public and/or highly regulated financial services businesses

  • Experience with cybersecurity regulations and regulatory best practices, such as those promulgated by the EU, SEC, FCA, NYDFS, CPPA, etc

  • Experience with deployments and transitions into a cloud environment or utilization of cloud infrastructure to achieve business technical needs and related objectives

  • Understanding and implementation of segregation of duty frameworks and associated mitigating controls and SOD tools

  • Experience performing IT control assessments, internal or external IT audits, or implementing cybersecurity controls for large scale financial service organizations (hybrid environments)

  • Knowledge/experience in identity access management and related cybersecurity tools

  • Understanding of computer science and programming concepts, including software development, deployment, and control, and an eager willingness to learn more

  • Familiarity with languages such as JavaScript, Python, C, Go, Rust, or similar is a plus

  • Strong time management skills, self-motivated, and disciplined working remotely

  • Project management experience, knowledge and skill set

Nice to Haves

  • Previous consulting or Big 4 audit experience preferred

  • Data flow diagram or related skillset is preferred, i.e. experience with Vizio or similar tools

  • Understanding of application development, deployment, and management patterns, especially DevSecOps and CI/CD practices is nice to have

  • Experience with national security and privacy regulations is nice to have

  • Data Analysis or scripting experience is another nice to have for candidates

  • Experience supporting regulatory and statutory reporting processes and improvements

  • At least one of professional security management certification such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired

Location Tagging: #US # EU #Canada #LI-Remote #LI-DA1

Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!

As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn