Senior Analyst, Security Compliance

Kraken Digital Asset Exchange

📍Remote - United States

Summary

Join Kraken's world-class security team as a fully remote Security Controls Engineer and help build and mature their information technology controls program. You will lead technical controls advisory, plan and lead security assessments (ISO 27001:2022, SOC 2 Type II, PCI DSS v4, SOX), and develop expert-level knowledge on relevant regulations. The role involves designing and deploying AI-powered automations for compliance tasks and collaborating with various teams. You'll contribute to a robust Web3 controls program and have the opportunity to impact the industry. Kraken offers a unique opportunity to work with leading experts in a mission-focused company.

Requirements

  • 5–7 years in security engineering or technical external audit/advisory, including hands-on experience with industry frameworks (e.g. ISO 27001, SOC 2, PCI DSS, FedRAMP, NIST)
  • Strong long-form and asynchronous writing skills for a fully remote, globally distributed team
  • Built and/or made substantial contributions to a common controls framework
  • Knowledge of infrastructure as code, CI/CD, orchestration tools, and private key management
  • Familiarity with security capabilities for major cloud service providers (e.g. AWS, Azure, GCP)
  • Ability to white-board architectures and technical process flows
  • Communicate limitations and implementation specifics of technical controls with ease

Responsibilities

  • Maintain a systems-level understanding of our global, large-scale technology infrastructure
  • Lead technical controls advisory for engineering, security, IT and beyond, keeping our security posture audit-ready and globally compliant across all products and regions
  • Plan and lead ISO 27001:2022, SOC 2 Type II, PCI DSS v4, SOX assessments with external assessors and regulators globally
  • Develop and sustain expert-level knowledge on regulations impacting Security, IT, Engineering
  • Prepare the program for emerging frameworks and new products or jurisdictions without slowing product velocity
  • Write, update and enact policies and procedures capturing security requirements
  • Design and deploy AI-powered automations that turn manual compliance tasks into real-time, self-service workflows

Preferred Qualifications

  • Certifications: CRISC, CISSP, CCNA, CCSP
  • Experience at a public technology, financial services, fintech, etc. company
  • Hands-on with blockchain-relevant security standards and/or crypto-custody controls
  • Built LLM or RPA automations that gather audit evidence automatically
