About Kraken
Our mission is to accelerate the adoption of cryptocurrency so that you and the rest of the world can achieve financial freedom and inclusion. In our first decade, Kraken has risen to become one of the largest, most successful and respected crypto exchanges on the planet.
We are changing the way the world thinks about finance and our range of successful products are playing a critical role in the mainstream adoption of crypto assets. We continue to trail-blaze into new territory with the introduction of Kraken Bank, providing a more seamless integration between crypto and the traditional financial system. This makes us the first crypto company (ever) to be awarded a U.S. state banking charter.
Our diverse group of 2,000+ Krakenites are distributed all over the world as part of our 'remote first' culture, united by a shared passion for delighting customers, upholding crypto values and achieving our meaningful mission. We attract people who push themselves to improve, are radically transparent and think differently in order to unlock their potential.
Crypto is a rapidly evolving industry and we’re just getting started. We’re growing fast and you're invited to join the revolution!
About the Role
We are looking for an Information Security Analyst to be part of a team focused on performing scoped information security assessments, audits of critical tools and vendors, and assisting in the maturation of our confidentiality, integrity, and availability initiatives. The analyst must be self-motivated, work well under pressure, develop strong relationships with stakeholders, and demonstrate commitment and accountability.
Responsibilities
- Maintain and mature certifications: ISO27001, SOC2
- Ensure compliance with Information Security policies, procedures, guidelines, and standards;
- Conduct internal compliance reviews and serve as consultant for security issues that require immediate resolution;
- Liaison between Information Technology department and third-parties engaged to provide Information Security monitoring and/or management services:
- Ability to interpret and disseminate security-related information as needed to invoke operational/security responses and/or actions as needed;
- Interpret and disseminate security-related information to upper management and the board of directors in relevant terms, e.g., summary dashboards;
- Facilitate audit and regulatory reviews by gathering documentation or representing facts to auditors and regulators as required;
- Ensure the company is compliant with data destruction methods
- Review internal, external, and regulatory recommendations and follow up to ensure company adaptation;
- Advise manager of potential new threats and plausible mitigation, and suggested user education;
- Participate with Information Security and Information Technology teams and any required third-party partners to protect data; and
- Perform day to day tasks as it relates to Information Security.
Requirements
- Experience in acquiring, maintaining, and maturing ISO27001, SOC2, or SOC3 compliance is highly desirable.
- Direct communication with Regulators or as part of team that works closely with Regulators
- Ability to effectively communicate technical- and security-related concepts to a broad range of technical and non-technical professionals;
- Ability to effectively communicate with IT staff and third-party IT security management service providers;
- Familiarity with industry data security, privacy standards, relevant laws and regulatory requirements
- Strong technical skills, analytical skills, and administrative skills
- Excellent written and verbal communication skills
- Ability to anticipate and respond to internal and external departmental needs.
- Ability to follow through and complete assigned tasks within a designated time fame
- Excellent organizational skills, ability to multitask and demonstrate flexibility
- Excellent corporate work ethics (timely, respectful and considerate to co-workers, honest)
Deadline for applications: 16.02.2022.
