Information Security Manager

About Kraken
Kraken is changing the world. Join the revolution!
Our mission is to accelerate the adoption of cryptocurrency so that you and the rest of the world can achieve financial freedom and inclusion. Founded in 2011 and with over 4 million clients, Kraken is one of the world’s largest, most successful bitcoin exchanges and we’re growing faster than ever. Our range of successful products are playing an important role in the mainstream adoption of crypto assets. We attract people who constantly push themselves to think differently and chart exciting new paths in a rapidly growing industry. Kraken is a diverse group of dreamers and doers who see value in being radically transparent.
In less than a decade Kraken has risen to become one of the best and most respected crypto exchanges in the world. We are changing the way the world thinks about money and finance. The crypto industry is experiencing unprecedented growth and Kraken is leading the charge. We’ve grown from 70 Krakenites in January 2018 to over 1200 today and we have no intention of slowing down.
The Information Security Manager is responsible for the company's global IT Risk Management program and associated processes and services. They will lead a team of seasoned information technology professionals who design, develop, execute and maintain all aspects of the company’s IT Risk Management program including executing risk reviews of critical programs and technology solutions, maintaining the IT Risk Register, auditing and overseeing IT risk mitigation plans, developing and communicating IT Policies, Control Objectives and Standards, evaluating and reporting compliance to regulatory and customer requirements for information management, conducting 3rd party risk assessments and responding to customer risk assessments. This position works across all functions to address enterprise risks and provides expert consulting to business operations.

Responsibilities

• Manage and maintain the IT Risk Management strategy, program and associated services.
• Manage and maintain the communication of IT policies, control objectives and standards.
• Identify the IT investments needed to ensure compliance with regulatory, contractual and internal requirements.
• Implement risk-based controls that are fully auditable and compliant with business and regulatory standards.
• Develop and produce Executive-level and Management scorecards to measure, monitor and report on IT Risk posture and control effectiveness.
• Analyze business processes and systems and guide needed improvements that properly mitigate risk in alignment with the risk appetite.
• Ensure the technologies and processes used worldwide meet all required information risk and information management requirements.
• Consult at an expert level to support customer compliance requirements for new product development and enhancement of existing solutions.
• Design and conduct 3rd party service provider risk assessments.
• Assist resource owners and IT staff in understanding and responding to IT audit failures reported by internal and external auditing departments.
• Apprise IT management regarding new and pending regulatory requirements and recommend plans of action.
• Conduct security and risk due diligence related to acquisitions, divestitures & joint ventures.

Requirements

• Minimum of 10 years’ relevant experience
• Advanced knowledge of IT processes and technical environments with 10+ years’ experience in one or more of the following: architecture, customer and governmental compliance, data protection and privacy, information classification, core applications and critical infrastructure operations and support, business continuity/disaster recovery, enterprise risk management.
• Knowledge of global regulatory requirements, including cybersecurity, data privacy and global trade compliance
• Strong leadership and talent development competencies
• Excellent written and oral communication and presentation skills, including experience and acumen in technical writing best practices
• Proven ability to describe complex technical requirements in understandable terms
• Proven ability to develop metrics and scorecards to measure process and control effectiveness

Preferred Qualifications

•  MBA or other advanced degree preferred
• CRISC, CISM or CISA certifications preferred
• Experience with cybersecurity regulations and regulatory best practices, such as those promulgated by the SEC, NYDFS, CCPA, etc
• Experience with SOC2 and ISO27001

We’re powered by people from around the world with their own unique backgrounds and experiences. We value all Krakenites and their talents, contributions, and perspectives.
Check out all our open roles at https://jobs.lever.co/kraken. We’re excited to see what you’re made of.  
Learn more about us
Watch "Working at Kraken" Follow us on TwitterCatch up on our blogFollow us on LinkedIn