Deputy Regional Information Security Officer

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

What makes us different?

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here.

As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures.

Become a Krakenite and build the future of crypto!

The team

We are seeking a highly capable Senior Analyst to support regional information security, operational resilience, and business continuity initiatives. This role is vital in ensuring compliance with European regulatory requirements such as DORA and MiCA, maintaining continuity across critical functions, and enhancing Payward’s regional security governance. The Senior Analyst will collaborate closely with the RISO and relevant stakeholders to execute day-to-day operational and analytical activities such as risk assessments, BIAs, control validation, and regulatory reporting support. This role is ideal for professionals who thrive on executing key security and resilience functions with precision, consistency, and insight.

The opportunity

• Prepare, contribute and report to regional risk governance and board committee meetings, highlighting control status, risk exposure, and readiness.

• Conduct and document security risk assessments for regional operations and third parties.

• Execute and maintain Business Impact Assessments (BIA), integrating outputs into global resilience planning.

• Support Business Continuity Plan (BCP) maintenance and testing across regulated entities

• Work closely with Group Security and IT teams to:

  • Map regional requirements into global policies and control frameworks.

  • Contribute to the development and refinement of security standards in alignment with ISO27001 and SOC2.

  • Participate in the drafting and review of MiCA- and DORA-aligned security policies and documentation.

• Support periodic security control testing and evidence collection for internal and external audit cycles.

• Track and follow up on audit findings and control remediation activities.

• Maintain compliance evidence libraries for key regulatory domains (e.g., MiCA, DORA, ISO, SOC).

• Oversee third-party risk assessments, including intragroup ICT outsourcing and vendor resilience.

• Assist in compiling responses to regulatory audits, due diligence questionnaires, and license maintenance activities.

• Support the RISO in presenting control performance and remediation updates to management.

• Act as a liaison between business units and global security teams to ensure security and resilience requirements are understood and embedded in day-to-day operations.

• Participate in incident response and post-incident reviews, supporting root cause analysis and documentation.

Skills you should HODL

• At least 5 years of experience in IT compliance, security governance, and risk management, with professional certifications like CISSP, CISM, ITIL and equivalent.

• Strong understanding of security frameworks such as ISO27001,  SOC2 or DORA framework

• Experience in business continuity, risk management, or a related field.

• Ability to understand technical systems and the business processes they support, and synthesize the corresponding risks and controls.

• Project management skills, with the ability to work collaboratively with cross-functional teams.

• Ability to prioritize and manage multiple projects and tasks with competing deadlines.

• Previous experience holding a Pre-Approval Control Function for a Central Bank of Ireland authorized entity strongly an advantage.

#LI-Remote

This job is accepting ongoing applications and there is no application deadline.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!

As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws. 

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn