Blockchain.com is the world's leading software platform for digital assets. Offering the largest production blockchain platform in the world, we share the passion to code, create, and ultimately build an open, accessible and fair financial future, one piece of software at a time.
We are looking for a talented Security GRC Analyst to plan, perform and control the activities that assure Blockchain.com’s controls are effectively implemented to comply with defined standards. This person will be responsible for ensuring that all IT services comply with the applicable legal frameworks. They will evaluate information security risks and identify solutions to minimize exposure. They will also have a huge impact in identifying, proposing and working towards new applicable certifications, audits and frameworks, and will act as a liaison between audit requirements and engineering teams.
WHAT YOU WILL DO
- Oversee execution and completion of application-related security controls, ensuring their effectiveness.
- Design, create and share policies, standards and procedures to ensure demonstrable regulatory/legal control. Communicate changes to internal stakeholders.
- Conduct preliminary self-assessment control tests of the applicable controls.
- Track and document remediation actions as a result of audit findings.
- Host internal/external IT audits, including walkthroughs, retaining test evidence for in-scope assets and tracking action plans to either remediate or mitigate potential risk exposure findings.
- Conduct the quarterly User Access review process, including information gathering, management response tracking, and results review to follow through on corrective actions.
- Develop, implement and maintain a risk register. Contribute results to the corporate dashboard.
- Participate in due diligence for new tools, partners and investors.
- Actively participate in Digital projects and perform other activities assigned by the Manager.
WHAT YOU WILL NEED
- The foremost quality for this position or any position at Blockchain.com is integrity.
- Forward-looking and strategic minded, with an eye to understanding potential risks, legal and compliance implications.
- Good knowledge of IT risk areas including regulatory, operational, information and energy industry specific.
- Good overall knowledge of application and infrastructure security control mechanisms.
- Advanced command of the English language.
- 5+ years of experience in risk management and compliance programs (SOX, PCI, ISO, etc.).
- Education: college/university degree (or equivalent)
COMPENSATION & PERKS:
- Unlimited vacation policy; work hard and take time when you need it.
- Unlimited books policy; order the technical resources you need or simply pick something up from our company library.
- Apple equipment.
- Full-time salary based on experience and meaningful equity in an industry-leading company.
- Favorite GIF.
- LinkedIn profile.
- Link to Github, StackOverflow, personal website and/or blog (if applicable).