Security Assurance Analyst
Posted on Saturday, January 13, 2024
Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked in Newsweek’s 100 Most Loved Workplaces 2023 in both the United States and United Kingdom.
The Security Team
The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.
As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.
As a Security Assurance Analyst, you will be responsible for assisting in the implementation of key security requirements across the business. You will build and maintain Security Control Frameworks and conduct periodic testing of security controls. You will conduct third-party risk reviews in collaboration with the procurement, legal, and finance teams. You will also assist in identifying, documenting, and managing the remediation of risks identified to the business.
This role is also a career-defining opportunity, as you will be a part of a fast-growing tech company that is successfully implementing a key piece of the world’s blockchain infrastructure designed to power the digital agreements of the future.
- Assist in the development and maintenance of security standards and guidelines
- Assist in the development and execution of the security risk assessment process, including documentation and implementation of risk treatment. Maintain an up-to-date security risk register
- Manage the development of security compliance programs leveraging industry security frameworks (SOC 2, ISO 27001, GDPR, NIST CSF, etc.)
- Provide guidance for the risk treatment/management process to team members
- Help with the implementation and management of GRC tools
- Identify KPIs and other related metrics and develop dashboards for reporting
- Make recommendations to management regarding programs, processes, etc.
- Conduct comprehensive third-party risk assessments of potential and existing vendors to evaluate their security posture in collaboration with Finance and Legal teams
- Assist in completing security due diligence questionnaires from potential customers
- Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities
- 5-10 years of experience in Security Governance, Risk & Compliance practice
- Experience working in fast-paced technology or Web3 companies
- Experience working on major security compliance programs like SOC 2, ISO 27001, CSA STAR, NIST CSF, etc.
- Strong technical background working on complex engineering, security and operations projects and initiatives
- Ability to identify and assess security risk to the organization
- Experience or knowledge in securing enterprise SaaS applications, cloud infrastructure and other relevant technology
- Ability to apply critical thinking skills to assess and solve complex security and compliance issues
- Ability to maintain detailed relevant documentation to support compliance requirements
- Strong communication skills, in particular around objectively measuring risk
- Education or experience in the Information Security field
- Certification in any of the following: CISSP, CEH, CRISC, AWS/Azure/GCP security, ISO 27001 Lead Auditor or Implementer, FAIR, etc.
- Experience in implementing security awareness and training programs for engineering teams
- High sense of ownership, urgency, and drive as well as ability to collaborate cross-functionally
- Excellent project management and relationship management skills, both of which will be key to success in this role
All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).
Commitment to Equal Opportunity
Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.