Senior Analyst, Security Compliance

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

What makes us different?

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here.

As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.

Become a Krakenite and build the future of crypto!

The Team

Kraken’s world-class security team is growing. As we continue to grow and mature our information technology controls program, we need someone with a strong information technology controls and external audit background to help build our program and tooling for enterprise scale. 

This role will be reporting through Kraken’s Security Compliance function. You will have the benefit of partnering with domain experts in our existing information technology audit program and enterprise infrastructure and technology stack, while still having the opportunity to come up with creative solutions in the emergent field of designing and implementing a robust Web3 controls program. 

We are leaders in the Security space. You will be partnering with peers who have served on and led global audit and consulting teams across big four organizations. Kraken is a founding member of several new Web3 standards organizations and you will also have the chance to make a lasting impact on the industry as a whole. 

The ideal candidate will be comfortable working across a variety of teams, including Finance, Technology, Engineering, and Security to help make informed decisions. 

This is a fully remote role.

The Opportunity

• Facilitate improvement of company IT general controls (ITGC) and IT application controls (ITAC) towards levels of maturity that are consistent with Sarbanes Oxley (SOX) standards

• Lead efforts to undergo System Organization Control 1 (“SOC 1”) and System and Organization Control (“SOC 2”) examinations under AICPA standards, leveraging information technology controls and external audit expertise to implement or enhance processes 

• Assist with scoping of IT systems and create and deliver training to owners in preparation for SOX audits, regulatory examinations and other information technology audits

• Collaborate with stakeholders across the organization to foster mature processes to meet and exceed financial services industry standards regarding information technology controls 

• Implement or enhance controls monitoring and defense-in-depth across key IT risk areas

• Lead and perform security control gap assessments over security control environment and design and track remediation efforts to completion

• Create data flow diagrams or process flowcharts for high-risk security or financial processes 

• Work closely with internal and external auditors to educate them about a complex information technology control environment 

• Perform impact analysis for control deficiencies identified over SOX environment and partner with owning teams to design remediation plan 

• Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members

• Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership

• Identify opportunities to address systemic program challenges, recommend solutions and drive issue resolution 

• Support the audit evidence collection process including through exploration of process efficiencies, for example via an automation tool

Skills You Should HODL

• Minimum of 5+ years of external IT audit and/or technology risk assurance/advisory 

• Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance 

• Prior experience at a big 4 or other large public accounting firm 

• Experience leading compliance initiatives from start to finish

• Proven understanding and audit experience of cloud technologies, AWS preferred 

• Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision

• Strong oral and written communication skills 

• Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment 

• Ability to communicate with technical/non-technical stakeholders to align on shared outcomes

• Strong time management skills, self-motivated, and disciplined working remotely

Nice to Haves

• Previous experience working on external integrated financial audit strongly preferred

• Previous experience with Sarbanes Oxley Section 404 ITGC compliance strongly preferred

• Previous experience working at big 4 or public accounting firm preferred

• At least one of professional security management certification such as a Certified Public Accountant (CPA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) other similar credentials, is desired

Location Tagging: #CANUS #LI-DA1

This job is accepting ongoing applications and there is no application deadline.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!

As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws. 

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn