Kraken
Senior Analyst, Security Compliance
Kraken, Brazil, Indiana, United States, 47834
Building the Future of Crypto
Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.What makes us different?Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.Become a Krakenite and build the future of crypto!The Team
Kraken’s world-class security team is growing. As we continue to grow and mature our information technology controls program, we need someone with a strong information technology controls and external audit background to help build our program and tooling for enterprise scale.This role will be reporting through Kraken’s Security Compliance function. You will have the benefit of partnering with domain experts in our existing information technology audit program and enterprise infrastructure and technology stack, while still having the opportunity to come up with creative solutions in the emergent field of designing and implementing a robust Web3 controls program.The ideal candidate will be comfortable working across a variety of teams, including Finance, Technology, Engineering, and Security to help make informed decisions.This is a fully remote role.The Opportunity
Facilitate improvement of company IT general controls (ITGC) and IT application controls (ITAC) towards levels of maturity that are consistent with Sarbanes Oxley (SOX) standards.
Lead efforts to undergo System Organization Control 1 (SOC 1) and System and Organization Control (SOC 2) examinations under AICPA standards, leveraging information technology controls and external audit expertise to implement or enhance processes.
Assist with scoping of IT systems and create and deliver training to owners in preparation for SOX audits, regulatory examinations and other information technology audits.
Collaborate with stakeholders across the organization to foster mature processes to meet and exceed financial services industry standards regarding information technology controls.
Implement or enhance controls monitoring and defense-in-depth across key IT risk areas.
Lead and perform security control gap assessments over security control environment and design and track remediation efforts to completion.
Create data flow diagrams or process flowcharts for high-risk security or financial processes.
Work closely with internal and external auditors to educate them about a complex information technology control environment.
Perform impact analysis for control deficiencies identified over SOX environment and partner with owning teams to design remediation plan.
Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members.
Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership.
Identify opportunities to address systemic program challenges, recommend solutions and drive issue resolution.
Support the audit evidence collection process including through exploration of process efficiencies, for example via an automation tool.
Skills You Should HODL
Minimum of 5+ years of external IT audit and/or technology risk assurance/advisory.
Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance.
Prior experience at a big 4 or other large public accounting firm.
Experience leading compliance initiatives from start to finish.
Proven understanding and audit experience of cloud technologies, AWS preferred.
Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision.
Strong oral and written communication skills.
Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment.
Ability to communicate with technical/non-technical stakeholders to align on shared outcomes.
Strong time management skills, self-motivated, and disciplined working remotely.
Nice to Haves
Previous experience working on external integrated financial audit strongly preferred.
Previous experience with Sarbanes Oxley Section 404 ITGC compliance strongly preferred.
Previous experience working at big 4 or public accounting firm preferred.
At least one of professional security management certification such as a Certified Public Accountant (CPA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) other similar credentials, is desired.
#J-18808-Ljbffr
Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.What makes us different?Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.Become a Krakenite and build the future of crypto!The Team
Kraken’s world-class security team is growing. As we continue to grow and mature our information technology controls program, we need someone with a strong information technology controls and external audit background to help build our program and tooling for enterprise scale.This role will be reporting through Kraken’s Security Compliance function. You will have the benefit of partnering with domain experts in our existing information technology audit program and enterprise infrastructure and technology stack, while still having the opportunity to come up with creative solutions in the emergent field of designing and implementing a robust Web3 controls program.The ideal candidate will be comfortable working across a variety of teams, including Finance, Technology, Engineering, and Security to help make informed decisions.This is a fully remote role.The Opportunity
Facilitate improvement of company IT general controls (ITGC) and IT application controls (ITAC) towards levels of maturity that are consistent with Sarbanes Oxley (SOX) standards.
Lead efforts to undergo System Organization Control 1 (SOC 1) and System and Organization Control (SOC 2) examinations under AICPA standards, leveraging information technology controls and external audit expertise to implement or enhance processes.
Assist with scoping of IT systems and create and deliver training to owners in preparation for SOX audits, regulatory examinations and other information technology audits.
Collaborate with stakeholders across the organization to foster mature processes to meet and exceed financial services industry standards regarding information technology controls.
Implement or enhance controls monitoring and defense-in-depth across key IT risk areas.
Lead and perform security control gap assessments over security control environment and design and track remediation efforts to completion.
Create data flow diagrams or process flowcharts for high-risk security or financial processes.
Work closely with internal and external auditors to educate them about a complex information technology control environment.
Perform impact analysis for control deficiencies identified over SOX environment and partner with owning teams to design remediation plan.
Oversee quality of audit initiatives, identify and analyze process gaps, provide guidance and expertise to team members.
Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership.
Identify opportunities to address systemic program challenges, recommend solutions and drive issue resolution.
Support the audit evidence collection process including through exploration of process efficiencies, for example via an automation tool.
Skills You Should HODL
Minimum of 5+ years of external IT audit and/or technology risk assurance/advisory.
Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance.
Prior experience at a big 4 or other large public accounting firm.
Experience leading compliance initiatives from start to finish.
Proven understanding and audit experience of cloud technologies, AWS preferred.
Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision.
Strong oral and written communication skills.
Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment.
Ability to communicate with technical/non-technical stakeholders to align on shared outcomes.
Strong time management skills, self-motivated, and disciplined working remotely.
Nice to Haves
Previous experience working on external integrated financial audit strongly preferred.
Previous experience with Sarbanes Oxley Section 404 ITGC compliance strongly preferred.
Previous experience working at big 4 or public accounting firm preferred.
At least one of professional security management certification such as a Certified Public Accountant (CPA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) other similar credentials, is desired.
#J-18808-Ljbffr