Security Assurance Analyst
To see similar active jobs please follow this link: Remote Development jobs
About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked in Newsweek’s 100 Most Loved Workplaces 2023 in both the United States and United Kingdom.
The Security Team
The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.
As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.
As a Security Assurance Analyst, you will be responsible for assisting in implementation of key security requirements across the business. You will build and maintain Security Control Frameworks and conduct periodic testing of security controls. You will conduct third-party risk review in collaboration with the procurement, legal, and finance teams. You will also assist in identifying, documenting, and managing remediation of risks identified to the business.
This role is also a career-defining opportunity, as you will be a part of a fast-growing tech company that is successfully implementing a key piece of the world’s blockchain infrastructure designed to power the digital agreements of the future.
Your Impact
Assist in the development and maintenance of security standards and guidelines
Assist in the development and execution of security risk assessment process, including documentation and implementation of risk treatment. Maintain up-to-date security risk register
Manage the development of security compliance programs leveraging industry security frameworks (SOC 2, ISO 27001, GDPR, NIST CSF, etc.)
Provide guidance for the risk treatment/management process to team members
Help with implementation and management of the GRC tools
Identify KPIs and other related metrics and develop dashboards for reporting
Make recommendations to management regarding programs, processes, etc.
Conduct comprehensive third-party risk assessment of potential and existing vendors to evaluate their security posture in collaboration with Finance and Legal teams
Assist in completing security due diligence questionnaires from potential customers
Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities
Requirements
5-10 years of experience in Security Governance Risk & Compliance practice
Experience working in fast paced technology or Web 3 companies
Experience working on major security compliance programs like SOC2, ISO 27001, CSA STAR, NIST CSF etc.
Strong technical background working on complex engineering, security and operations projects and initiatives
Ability to identify and assess security risk to the organization
Experience or knowledge in securing enterprise SaaS applications, cloud infrastructure and other relevant technology
Ability to apply critical thinking skills to assess and solve complex security and compliance issues
Ability to maintain detailed relevant documentation to support compliance requirements
Strong communication skills, in particular around objectively measuring risk
Desired Qualifications
Education or experience in the Information Security field
Certification in any of the following : CISSP, CEH, CRISC, AWS/Azure/CGP security, ISO 27001 Lead Auditor or Implementer, FAIR etc.
Experience in implementing security awareness and training programs for engineering teams
High sense of ownership, urgency, and drive as well as ability to collaborate cross functionally
Excellent project management, relationship management, are all skills that will be key to be successful in this role
All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).
Commitment to Equal Opportunity
Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.
Global Data Privacy Notice for Job Candidates and Applicants
Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.
Security Assurance Analyst
To see similar active jobs please follow this link: Remote Development jobs
About Us
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked in Newsweek’s 100 Most Loved Workplaces 2023 in both the United States and United Kingdom.
The Security Team
The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.
As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.
As a Security Assurance Analyst, you will be responsible for assisting in implementation of key security requirements across the business. You will build and maintain Security Control Frameworks and conduct periodic testing of security controls. You will conduct third-party risk review in collaboration with the procurement, legal, and finance teams. You will also assist in identifying, documenting, and managing remediation of risks identified to the business.
This role is also a career-defining opportunity, as you will be a part of a fast-growing tech company that is successfully implementing a key piece of the world’s blockchain infrastructure designed to power the digital agreements of the future.
Your Impact
Assist in the development and maintenance of security standards and guidelines
Assist in the development and execution of security risk assessment process, including documentation and implementation of risk treatment. Maintain up-to-date security risk register
Manage the development of security compliance programs leveraging industry security frameworks (SOC 2, ISO 27001, GDPR, NIST CSF, etc.)
Provide guidance for the risk treatment/management process to team members
Help with implementation and management of the GRC tools
Identify KPIs and other related metrics and develop dashboards for reporting
Make recommendations to management regarding programs, processes, etc.
Conduct comprehensive third-party risk assessment of potential and existing vendors to evaluate their security posture in collaboration with Finance and Legal teams
Assist in completing security due diligence questionnaires from potential customers
Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities
Requirements
5-10 years of experience in Security Governance Risk & Compliance practice
Experience working in fast paced technology or Web 3 companies
Experience working on major security compliance programs like SOC2, ISO 27001, CSA STAR, NIST CSF etc.
Strong technical background working on complex engineering, security and operations projects and initiatives
Ability to identify and assess security risk to the organization
Experience or knowledge in securing enterprise SaaS applications, cloud infrastructure and other relevant technology
Ability to apply critical thinking skills to assess and solve complex security and compliance issues
Ability to maintain detailed relevant documentation to support compliance requirements
Strong communication skills, in particular around objectively measuring risk
Desired Qualifications
Education or experience in the Information Security field
Certification in any of the following : CISSP, CEH, CRISC, AWS/Azure/CGP security, ISO 27001 Lead Auditor or Implementer, FAIR etc.
Experience in implementing security awareness and training programs for engineering teams
High sense of ownership, urgency, and drive as well as ability to collaborate cross functionally
Excellent project management, relationship management, are all skills that will be key to be successful in this role
All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).
Commitment to Equal Opportunity
Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.
Global Data Privacy Notice for Job Candidates and Applicants
Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.