Security Assurance Analyst

About Us

Chainlink Labs is the primary contributing developer of Chainlink the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data offchain computation and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking DeFi global trade and gaming by collaborating with some of the world’s largest financial institutions notably Swift DTCC and ANZ. Chainlink Labs also works with top Web3 teams including Aave Compound GMX Maker and Synthetix. Chainlink Labs was ranked in Newsweek’s 100 Most Loved Workplaces 2023 in both the United States and United Kingdom .

The Security Team

The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering the deployment of cutting-edge technologies forward-thinking policy development and the training of highly skilled security-aware personnel throughout the entire organization.

As an indispensable component of the larger organization the team seeks to promote a widely understood culture of security safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.

As a Security Assurance Analyst you will be responsible for assisting in implementation of key security requirements across the business. You will build and maintain Security Control Frameworks and conduct periodic testing of security controls. You will conduct third-party risk review in collaboration with the procurement legal and finance teams. You will also assist in identifying documenting and managing remediation of risks identified to the business.

This role is also a career-defining opportunity as you will be a part of a fast-growing tech company that is successfully implementing a key piece of the world’s blockchain infrastructure designed to power the digital agreements of the future.

Your Impact

• Assist in the development and maintenance of security standards and guidelines

• Assist in the development and execution of security risk assessment process including documentation and implementation of risk treatment. Maintain up-to-date security risk register

• Manage the development of security compliance programs leveraging industry security frameworks (SOC 2 ISO 27001 GDPR NIST CSF etc.)

• Provide guidance for the risk treatment/management process to team members

• Help with implementation and management of the GRC tools

• Identify KPIs and other related metrics and develop dashboards for reporting

• Make recommendations to management regarding programs processes etc.

• Conduct comprehensive third-party risk assessment of potential and existing vendors to evaluate their security posture in collaboration with Finance and Legal teams

• Assist in completing security due diligence questionnaires from potential customers

• Engage in team-building events community engagement team off-sites peer-review & management review cycles and activities

Requirements

• 5-10 years of experience in Security Governance Risk & Compliance practice

• Experience working in fast paced technology or Web 3 companies

• Experience working on major security compliance programs like SOC2 ISO 27001 CSA STAR NIST CSF etc.

• Strong technical background working on complex engineering security and operations projects and initiatives

• Ability to identify and assess security risk to the organization

• Experience or knowledge in securing enterprise SaaS applications cloud infrastructure and other relevant technology

• Ability to apply critical thinking skills to assess and solve complex security and compliance issues

• Ability to maintain detailed relevant documentation to support compliance requirements

• Strong communication skills in particular around objectively measuring risk

Desired Qualifications

• Education or experience in the Information Security field

• Certification in any of the following : CISSP CEH CRISC AWS/Azure/CGP security ISO 27001 Lead Auditor or Implementer FAIR etc.

• Experience in implementing security awareness and training programs for engineering teams

• High sense of ownership urgency and drive as well as ability to collaborate cross functionally

• Excellent project management relationship management are all skills that will be key to be successful in this role

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated we ask that you try to overlap some working hours with Eastern Standard Time (EST).

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws regulations or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process please contact us via this form .

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Chainlink Labs Careers profile and any job applications you choose to submit is subject to our Privacy Policy . By submitting your application you are agreeing to our use and processing of your data as required.