Kraken is hiring a Web3 Regional ISO
Compensation: $63k - $101k estimated
Location: European Union
Building the Future of Crypto
Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.
What makes us different?
Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.
Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission.
As a fully remote company, we have Krakenites in 60+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.
Become a Krakenite and build the future of crypto!
Proof of Work
The Team
Kraken is seeking a dedicated Regional ISO to focus on ensuring regional operations are in line with the global Payward cybersecurity program and guide compliance solutions, where needed. Being the key point of contact to interface with regulators, this leadership role will work as part of the internal Security Governance, Risk, and Compliance function to map internal controls, continuously identify region-specific requirements, and best position Kraken to meet and exceed regional compliance demands in a way that levels up Kraken’s overall security posture.
This role will be composed of 3 main responsibilities: defining the regulatory baseline and strategy, preparing regulatory reporting procedures, and being the main point of contact to interface with regulators during audits or incidents that meet reporting thresholds.
The Opportunity
Define Regulatory Baseline in line with Payward’s Global Security Strategy
Set the UK and EU security compliance baseline; this includes driving a program that provides structure yet remains flexible enough to incorporate changing laws and applicable regulations as they evolve (e.g. Central Bank Operational Resilience Guidance and the Digital Operational Resilience Act).
Ensure regional security policies are regularly maintained, communicated, and adhered to by all necessary personnel.
Cohesively relate regional/local business processes and requirements to global controls and policies, ensuring UK and EU entities are in lockstep with the Payward group on standards and best practices where possible, so as not to reinvent the wheel. Propose global policy updates, where possible, to level up the entire global security posture.
Write E-Money Institution/VASP/region/UK/Ireland specific (and possibly supplementary) policies and procedures for inclusion in Information Systems Management processes.
Schedule or oversee the implementation of periodic security audits, penetration testing and vulnerability testing as required.
Conduct regular internal reporting within the global security risk management framework to brief the executive team and local in-region Boards of Directors on current risks, upcoming requirements, and other relevant regional updates.
Continuous Improvement: Keep abreast of the latest developments in security governance, incorporating best practices and emerging trends into the organization’s governance framework.
Prepare Regulatory Reporting Procedures
Oversee the design and implementation of a clear incident response workflow specific to UK and EU regulatory requirements and SLAs; this includes maintaining disaster recovery, business continuity plans, and ensuring tabletops take place in line with Payward’s operational resiliency strategy.
Take an active part in on-call, incident resolution and reporting, and disaster recovery processes within Europe and UK operations.
Raise awareness of UK and EU-specific reporting requirements to key stakeholders.
Help set security information and event monitoring capabilities to detect security anomalies that are considered reportable events. Drive built-in reporting automation, where possible.
Interface with Regulators
Review investigations after breaches or incidents, including an impact analysis and recommendations for avoiding similar vulnerabilities.
Drive timely and comprehensive due diligence questionnaires and audit responses.
Skills you should HODL
Self-starter, highly driven, enthusiastic with a can-do attitude, execution mindset, approachable and excellent team player
Able to form relationships with people across all levels of the company, strategic thinker with excellent leadership, communication, listening & writing skills
Professional certifications like CISSP, CISM, or equivalent
Knowledge of security frameworks such as ISO27001 and/or SOC2 required
Previous experience in managing inter-group outsourcing arrangements in accordance with FCA, CBI and EBA guidelines
Previous experience holding a Pre-Approval Control Function for a Central Bank of Ireland authorized entity is preferred
Experience in crypto/payments/fintech strongly preferred
Location Tagging: #EU #LI-Remote #LI-DA1
Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgeable about crypto!
As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind, whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.