CoinList is hiring a

Web3 Security Risk Management

CoinList is where the world’s best crypto projects build their communities and early adopters can invest in and trade top-tier digital assets. Our mission is to accelerate the advancement of blockchain technology, by finding the best emerging blockchain projects and helping them succeed. CoinList has become the global leader in new token issuance, helping blue chip projects like Solana, Filecoin, Celo, Dapper Labs, and others raise over $1B and connect them with hundreds of thousands of new token holders. And we now support the full lifecycle of crypto investment, from token sales through token distribution, trading, lending, and crypto-specific services such as staking and access to decentralized-finance opportunities. CoinList users trade and store Bitcoin, Ether, and many other popular crypto assets through CoinList.co, CoinList Pro (our full-service exchange), and mobile apps, while also getting exclusive access to the best new tokens before they list on other exchanges.

Unlike other centralized crypto finance platforms, we're not here to just build a bank or a brokerage. We're building the platform for people who are passionate about moving crypto forward, and we’re just getting started. Come join us and propel the future of crypto!

The director of security risk management is a leader who understands understands the interconnection of security, technology, risk, and compliance within a high tech company . This individual will play a crucial role constructing security processes, and procedures, understanding risks to our internal systems and business partners, designing and operating GRC systems and helping drive security control frameworks for security certifications. This individual will work closely with other security professionals at CoinList as well as the CISO. This role will be responsible for multiple critical security programs and act as the central point of many security activities across CoinList.

Who you are:

• You are an experienced security rsisk professional - 7+ years in roles focused on managing security risk within a highly technical company.
• You take a modern approach to security - You understand the intent of security controls and frameworks and recognize that these must be interpreted in the context of modern technology approaches. You are experienced with modern companies that are cloud first and a distributed workforce and are comfortable articulating to auditors how our security controls meet control objectives.
• You have significant experience with security frameworks - Proven experience working with common security frameworks and regulatory requirements (e.g., SOC, ISO/IEC 2700X, Sox, Nist etc.)
• You have experience drafting security policies and procedures - Prior experience creating and updating security policies to be compliant with security frameworks and helpful to employees.
• You are experienced working with general IT controls and interfacing with auditors - Prior experience managing security and IT general controls and driving discussions with auditors or third party reviewers
• You take a pragmatic and organized approach to security - You have experience with GRC tools and organizational approaches to manage numerous security controls and initiatives across multiple teams and stakeholders.
• You systematically tackle complex big tasks - Ability to execute on large projects, breaking down complex objectives into individual tasks and working with other stakeholders across the company

What you will do:

• Drive Risk Analysis and Prioritization - Conduct systematic risk assessment activities to build and maintain our prioritized list of technical risks which impacts prioritization of remediation activities
• Define Security Controls for Security Efficacy and Compliance - Research current practices to document existing security controls and understand gaps to prioritize
• Drive Security Governance, Risk and Compliance Activities - Drive the security risk management program and ensure we are continually maturing our controls appropriately for our business and future growth
• Vendor Risk Program - Manage and mature our vendor risk assessment program
• Readiness Activities - Direct and perform security control audit readiness testing, document results, and coordinate resolution activities with internal or external teams
• Security Audit - Prepare artifacts and readiness reviews to demonstrate our security program to auditor or potential customers

Requirements:

[optional section. Can also include 'nice to haves']

As an early employee at CoinList, you will be a critical part of our core team and have a huge influence over the direction of the company. We will compensate you well, invest deeply in your development, and do everything we can to make sure this is the single best work experience of your life. At CoinList, we are proud to be an Equal Opportunity Employer. We celebrate diversity, value our differences, and are committed to creating an inclusive environment for all employees.

Apply Now: