Deputy Information Security Officer

Summary

Join Kraken as a Senior Analyst and contribute to the company's regional information security, operational resilience, and business continuity initiatives. This fully remote role is crucial for ensuring compliance with European regulations like DORA and MiCA. You will collaborate with stakeholders to perform risk assessments, maintain Business Impact Assessments (BIA), and support Business Continuity Plans (BCP). The position involves working with global security and IT teams to map regional requirements, develop security standards, and participate in audits. You will also assist in regulatory reporting and incident response. This is an ideal opportunity for professionals with experience in IT compliance, security governance, and risk management.

Requirements

• At least 5 years of experience in IT compliance, security governance, and risk management, with professional certifications like CISSP, CISM, ITIL and equivalent
• Strong understanding of security frameworks such as ISO27001, SOC2 or DORA framework
• Experience in business continuity, risk management, or a related field
• Ability to understand technical systems and the business processes they support, and synthesize the corresponding risks and controls
• Project management skills, with the ability to work collaboratively with cross-functional teams
• Ability to prioritize and manage multiple projects and tasks with competing deadlines

Responsibilities

• Prepare, contribute and report to regional risk governance and board committee meetings, highlighting control status, risk exposure, and readiness
• Conduct and document security risk assessments for regional operations and third parties
• Execute and maintain Business Impact Assessments (BIA), integrating outputs into global resilience planning
• Support Business Continuity Plan (BCP) maintenance and testing across regulated entities
• Work closely with Group Security and IT teams to: Map regional requirements into global policies and control frameworks. Contribute to the development and refinement of security standards in alignment with ISO27001 and SOC2. Participate in the drafting and review of MiCA- and DORA-aligned security policies and documentation
• Support periodic security control testing and evidence collection for internal and external audit cycles
• Track and follow up on audit findings and control remediation activities
• Maintain compliance evidence libraries for key regulatory domains (e.g., MiCA, DORA, ISO, SOC)
• Oversee third-party risk assessments, including intragroup ICT outsourcing and vendor resilience
• Assist in compiling responses to regulatory audits, due diligence questionnaires, and license maintenance activities
• Support the RISO in presenting control performance and remediation updates to management
• Act as a liaison between business units and global security teams to ensure security and resilience requirements are understood and embedded in day-to-day operations
• Participate in incident response and post-incident reviews, supporting root cause analysis and documentation

Preferred Qualifications

Previous experience holding a Pre-Approval Control Function for a Central Bank of Ireland authorized entity strongly an advantage