Blockchain.com is the world's leading software platform for digital assets. Offering the largest production blockchain platform in the world, we share the passion to code, create, and ultimately build an open, accessible and fair financial future, one piece of software at a time.
We are looking for a Security GRC Senior Analyst to join our Security team as we tackle some of the most interesting problems in the crypto space, like how do we securely scale a distributed financial platform that touches millions of people a day.
At Blockchain.com, Security GRC is a mindset and a set of best practices to align the company with the industry regulations, laws and standards required to be a lead crypto company. The Security GRC team is responsible for achieving and maintaining IT audits and certifications; supporting company initiatives with strong Information Security requirements and controls design and implementation.
Security GRC at Blockchain.com is a work in progress - we are looking for an experienced Security GRC Senior Analyst to Plan, perform and control the activities to assure Blockchain.com’s controls are effectively implemented to comply with defined standards. Ensure compliance of all IT services with the legal frameworks applicable. Evaluate information security risks and identify solutions to minimize exposure. Identify, propose and work towards new applicable certifications, audits and frameworks and act as a liaison between audit requirements and engineering teams.Are you ready for a challenge?
WHAT YOU WILL DO
- Oversee execution and completion of applications related security controls ensuring effectiveness.
- Design, create and share policies, standards and procedures to ensure demonstrable regulatory /legal control. Communicate changes to internal stakeholders.
- Conduct preliminary self-assessment control tests of the applicable controls.
- Track and document remediation actions as result of audit findings,
- Host internal/external IT audits including walkthroughs, retaining test evidence for in scope assets and tracking action plans to either remediate or mitigate potential risk exposure findings.
- Conduct the quarterly User Access reviews process including information gathering, management responses tracking, and results review to follow through on corrective actions.
- Develop, implement and maintain a risk register. Contribute results to the corporate dashboard.
- Participate in new tools/partners/investors due diligences.
- Have an active participation in Digital projects and perform other activities assigned by the Manager.
WHAT YOU WILL NEED
- Forward-looking and strategic minded, with an eye to understanding potential risks, legal and compliance implications.
- Good knowledge of IT risk areas including regulatory, operational, information and energy industry specific.
- Good overall knowledge of application and infrastructure security control mechanisms.
- Advanced command of the English language.
- 5+ years experience in audit and security certifications such as ISO, SOC and PCI.
- Education Four-year college degree (or equivalent)
- Competitive full-time salary based on experience and meaningful equity in an industry-leading company
- The opportunity to be a key player and build your career at a rapidly expanding, global technology company in an exciting, emerging industry.
- Unlimited vacation policy; work hard and take time when you need it.
- Crypto bonuses
- Performance-based bonuses paid in cash
- Apple equipment provided by the company
- Awesome office locations and remote working options.
- LinkedIn profile.
- Link to github, stackoverflow, personal website and/or blog (if applicable).
- Favorite GIF
When you apply to a job on this site, the personal data contained in your application will be collected by one or more of the following subsidiaries of Blockchain Luxembourg S.A (each, a “Controller”):
- Blockchain Access UK Ltd.
- Blockchain (GB) Limited
- Blockchain (US), Inc.
- Blockchain (LT), UAB
You may contact our Data Protection Officer by email at email@example.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under the standard contractual clauses.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.