Member of Risk Team (GRC Senior Analyst)

At Anchorage Digital, we are building the world’s most advanced digital asset platform for institutions to participate in crypto.
Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry's leading security infrastructure. Home to Anchorage Digital Bank N.A., the only federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings.
The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn. 
As a Member of Risk Team, GRC Analyst, you’ll get the opportunity to work on various projects across the organization ranging from GRC Process Management, IT Risk Management, Security Risk Assessments, and Continuous Monitoring. This role is highly cross-functional and will cover multiple service offerings and entities (Anchor Labs, Inc., Anchorage Digital Bank, Anchorage Digital Singapore, Anchorage Digital New York, etc.).
You are recognized as a subject matter expert in GRC Management and can apply your skills and knowledge to have significant influence within and outside the team. You are a strong contributor and have the ability to significantly contribute to medium-to-large projects as well as owning small-to-medium projects. You will play a key role in building and scaling foundational elements of the company’s IT risk management and compliance program. You will support the build-out and ongoing maintenance of several key initiatives of the Risk team’s scope and ownership.
You are capable of contributing to the development of company goals and objectives, expected to help define the long-term strategy of IT Risk. You understand the “why” and the “bigger picture” and meaningfully contribute and take ownership of your work.
We have created the Factors of Growth & Impact to help Villagers better measure impact and articulate coaching, feedback, and the rich and rewarding learning that happens while exploring, developing, and mastering the capabilities and contributions within and outside of the Risk Team, GRC Analyst role

Technical Skills:

• Has a complete conceptual knowledge and full understanding in principles, practices, and a working knowledge of GRC Framework.
• Experience with administered GRC Platforms, including, setting up workflows, requirements and access within the tool.
• Applies experience and analytical skills to “connect the dots” between the company’s business and products to the IT environment in order to evaluate whether IT compliance obligations are being met.
• Has working experience in SOC reviews, IT controls, audit processes, information security, policy governance and management.
• Applies critical thinking in creating risk and controls descriptions to be both concise and accurate by working with key stakeholders across the organization business.
• Resolves a wide range of issues in creative ways working directly with control owners to ensure regulatory requirements are being met, including managing and tracking findings (from risk assessments, audits, etc.) from identification to remediation.
• Experience in working with SaaS software engineering teams and have a strong understanding of Cloud Security technologies.

Complexity and Impact of Work:

• Responsible for supporting the entire life-cycle of the company’s GRC Framework, including identifying risks, mapping to regulatory requirements, to planning, control owner coaching/prep, evidence requests, walk-throughs, follow ups, and reporting.
• Can work autonomously, defines priorities under broad direction, and applies problem solving skills to translate regulations and compliance obligations into technical controls, and vice-versa.
• Drives work independently and significantly contributes to medium-to-large cross-functional projects with little oversight and coordinating activities of other project team members.
• Contribute to regulatory exam preparations
• Consistently demonstrates on-time delivery and high quality work product. Where a deadline or commitment is at risk, escalates to manager to help manage priorities, if appropriate, and alerts affected stakeholders so "no surprises.”

Organizational Knowledge:

• Is aware of the strategy of Anchorage and is considered when not only working cross-functionally with security, product, design, engineering, legal, TPRM, people, and external auditors but also understanding how each area is impacted by compliance.
• Influence the IT Risk roadmap and initiatives.
• Understands how the company’s priorities relate to their own area of work, and clearly communicates the ‘why’ behind the work.

Communication and Influence

• Promotes a positive working environment through proper listening, speaking and empathy with team members.
• Embodies and is a role model of our culture pillars.
• Communicates proactively, takes ownership in assigned work/projects, and is comfortable asking questions when something is unclear or to further knowledge in a specific area.
• Contributes to cross-functional projects, collaborates with their team and adjacent teams working directly with subject matter experts and doing meaningful translation of compliance requirements into actionable processes.
• Enhances relationships and networks with senior internal and external stakeholders within their own area of expertise.
• Consistently expresses clear, thoughtful, analytical and solutions-oriented communications, whether in high-impact slides/decks, written communications in slack or email, or verbal communications.

You may be a fit for this role if you have:

• Has 5-10 years of experience in implementing and assisting in the management of GRC Programs in a highly-regulated environment, including proficiency in IT Risk Assessments and Technology Audits.
• Has proven experience in managing risk assessments and audit/testing engagements from planning to reporting with minimal supervision.
• Proficient in implementing and administering GRC Platforms, including, setting up workflows, requirements and managing access within the tool.
• Experience in working with SaaS software engineering teams and have a strong understanding of Cloud Security technologies.
• Certification in one or more of the following audit or security focus areas: CISA, CISSP, CCSP, CISM, etc.

Although not a requirement, bonus points if:

• Strong data analytical skills, capable of interpreting complex data sets to drive business results
• Have experience in Issue Management framework, including drafting issue language, remediation plans, and validate the remediation.
• You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)

About Anchorage Digital: Who we are
The Anchorage Village, what we call our team, brings together the brightest minds from platform security, financial services, and distributed ledger technology to provide the building blocks that empower institutions to safely participate in  the evolving digital asset ecosystem. As a diverse team of more than 300 members, we are united in one common goal: building the future of finance by providing the foundation upon which value moves safely in the new global economy. 
Anchorage Digital is committed to being a welcoming and inclusive workplace for everyone, and we are intentional about making sure people feel respected, supported, and connected at work—regardless of who you are or where you come from. We value and celebrate our differences and we believe being open about who we are allows us to do the best work of our lives. Anchorage Digital is an Equal Opportunity Employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. Anchorage Digital considers qualified applicants regardless of criminal histories, consistent with other legal requirements. “Anchorage Digital” refers to services that are offered either through Anchorage Digital Bank National Association, an OCC-chartered national trust bank, or Anchorage Lending CA, LLC a finance lender licensed by the California Department of Financial Protection and Innovation, License No. 60DBO-11976, or Anchorage Digital Singapore Pte Ltd, a Singapore private limited company, all wholly-owned subsidiaries of Anchor Labs, Inc., a Delaware corporation.
Protecting your privacy rights is important to Anchorage Digital, and we work to maintain the trust and confidence of our clients when handling personal or financial information. Please see our privacy policy notices here.