Deputy Regional Information Security Officer

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here.

As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world‑class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures.

We are seeking a highly capable Deputy Regional Information Security Officer (RISO) to help lead our efforts to maintain, scale, and evolve our security governance, operational resilience, and regulatory alignment. This role is vital in ensuring compliance with European regulatory requirements such as DORA and MiCA, maintaining continuity across critical functions, and enhancing Kraken's regional security governance. This is a high‑impact, high‑trust role for a security governance professional who thrives at the intersection of technology, compliance, and financial services.

• Regulatory Governance

  • Serve as the senior information security officer for appointed entities, with accountability for ICT and resilience oversight

  • Prepare board and committee reporting on security, risk, and regulatory compliance

  • Support audits, inspections, and regulatory interactions with authorities

• ICT Risk & Security

  • Oversee ICT and security risk assessments, control implementation, and remediation tracking

  • Maintain entity‑level policies aligned with DORA, MiCA, and applicable regulations

  • Coordinate control testing and documentation with global security and compliance teams

  • Manage regulatory classification and reporting of ICT‑related incidents

  • Maintain documentation and controls for outsourcing and vendor risk

• Operational Resilience

  • Lead BIAs, critical function mapping, and continuity planning

  • Coordinate continuity and recovery testing aligned with regulatory requirements

  • Ensure oversight of ICT third parties and intra‑group outsourcing arrangements

• Group Liaison

  • Act as the key contact between entity‑level stakeholders and the RISO Lead

  • Ensure local implementation of group frameworks, policies, and resilience standards

  • Represent entity priorities in group‑led initiatives and forums

This role requires appointment to the PCF‑49 function under the Central Bank of Ireland for one regulated entity. You are not expected to currently hold a PCF designation, though previous experience holding such a position would be an advantage.

• 5+ years’ experience in security governance, resilience, or compliance in regulated environments

• Deep understanding of EU regulations (DORA) and security frameworks (ISO27001)

• Proven experience conducting risk assessments, BIAs, and resilience planning in a regulated financial services or fintech setting

• Familiarity with ICT outsourcing and third‑party risk management in a group structure

• Ability to understand technical systems and the business processes they support, and synthesize the corresponding risks and controls

• Project management skills, with the ability to work collaboratively with cross‑functional teams

• Certifications such as CISSP, CISM, CRISC, CISA, or equivalent preferred

This job is accepting ongoing applications and there is no application deadline.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!

As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn

Candidate Privacy Notice