Senior Analyst, Security Compliance

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

What makes us different?

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here.

As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures.

Become a Krakenite and build the future of crypto!

Kraken’s world-class security team is growing. As we continue to grow and mature our information technology controls program, we need someone with a strong information technology controls and external audit background to help build our program and tooling for enterprise scale.

This role will be reporting through Kraken’s Security Compliance function. You will have the benefit of partnering with domain experts in our existing information technology audit program and enterprise infrastructure and technology stack, while still having the opportunity to come up with creative solutions in the emergent field of designing and implementing a robust Web3 controls program.

We are leaders in the Security space. You will be partnering with peers who have served on and led global audit and consulting teams across large public enterprises. Kraken is a founding member of several new Web3 standards organizations and you will also have the chance to make a lasting impact on the industry as a whole.

The ideal candidate will be comfortable working across a variety of teams, including Security, Information Technology, Product and Engineering to help make informed decisions.

This is a fully remote role.

• Maintain a systems-level understanding of our global, large-scale technology infrastructure.

• Lead technical controls advisory for engineering, security, IT and beyond—keeping our security posture audit-ready and globally compliant across all products and regions.

• Plan and lead ISO 27001:2022, SOC 2 Type II, PCI DSS v4, SOX assessments with external assessors and regulators globally.

• Develop and sustain expert-level knowledge on regulations impacting Security, IT, Engineering

• Prepare the program for emerging frameworks and new products or jurisdictions without slowing product velocity.

• Write, update and enact policies and procedures capturing security requirements.

• Design and deploy AI-powered automations that turn manual compliance tasks into real-time, self-service workflows.

• 7+ years in security engineering or technical external audit/advisory, including hands-on experience with industry frameworks (e.g. ISO 27001, SOC 2, PCI DSS, FedRAMP, NIST).

• Strong long-form and asynchronous writing skills for a fully remote, globally distributed team.

• Built and/or made substantial contributions to a common controls framework.

• Knowledge of infrastructure as code, CI/CD, orchestration tools, and private key management.

• Familiarity with security capabilities for major cloud service providers (e.g. AWS, Azure, GCP).

• Ability to white-board architectures and technical process flows.

• Communicate limitations and implementation specifics of technical controls with ease.

• Certifications: CRISC, CISSP, CCNA, CCSP

• Experience at a public technology, financial services, fintech, etc. company.

• Hands-on with blockchain relevant security standards and/or crypto-custody controls.

• Built or advised on LLM-based or general automations to manage stages of an assessment or control process.

#LI-Remote

This job is accepting ongoing applications and there is no application deadline.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!

As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn