Join our small, fiery team on our mission to usher in the Bitcoin golden age.
Shakepay is on a mission to usher in a Bitcoin golden age, where Canadians have access to Bitcoin-friendly, secure, and rewarding financial services. When Shakepay launched in 2015, it quickly became one of Canada’s fastest-growing financial institutions. Backed by top venture capitalists having raised $44M+ and trusted by over one million Canadians and counting, Shakepay is reimagining banking for the digital age. People who choose careers at Shakepay are helping shape a future of financial inclusion, opportunity, and prosperity for all Canadians.
Security Analyst - GRC
Welcome to the crypto world where money is data and therefore data breaches could kill a startup. Have a look at the blockchain graveyard: https://magoo.github.io/Blockchain-Graveyard/.
The tl;dr of your role is having Shakepay never show up there.
As the Security Analyst in Governance, Risk & Compliance you will be responsible for partnering with the entire Shakepay organization, including Security, Risk, Compliance, and Legal to mitigate and manage risk at Shakepay. This role will build, implement, maintain and report on Security policies, controls, and all other documentation.
In collaboration with all departments at Shakepay, this role will be responsible for managing all of Security’s audit requirements and controls for SOC2, ISO 27001, and PCI as well as be the internal point of contact for Regulatory and Compliance related requests and tasks.
You will :
Promote Shakepay’s Security First culture and risk management as a value proposition for our customers.
Lead and coordinate audit-related tasks and vendor relationships for our annual SOC2 Type 2 audit.
Develop and maintain policies and controls in support of operational and compliance goals to align with industry frameworks such as NIST, PCI, ISO, etc.
Perform risk assessments, internal audits, and additional tests across teams at Shakepay to ensure systems and processes remain in compliance with in-scope security, regulatory, and compliance controls.
Design and implement a suite of GRC tooling and automations to reduce resources necessary to monitor controls, data collection, and other audit and governance tasks.
Internal point of contact for cross-functional teams for Security related requests
Own Shakepay’s internal vendor management process to ensure high confidence in our partners and vendors.
Great communicator both written and oral with a strong attention to detail
Successfully owned and authored Security audits and reports (SOC2 Type 2, ISO 27001, PCI, HIPAA, GDPR, etc.)
Strong experience in managing enterprise risk and mitigation efforts through effective control maintenance and reporting
Hands-on technical experience with the IT and Security controls and processes which you will own
The ability to delegate tasks while maintaining a sense of ownership to the overarching goal
Nice to have
What you get :
Potentially life-changing stock options. We believe everyone at Shakepay should have the financial upside for building a generational company
Remote-friendly work environment: work from anywhere in Canada. If you're in Montreal, you can work from the office
Generous vacation time: we think time off is essential, and highly encourage it.
Personal development: we're here to help you define and hit your personal career goals so that you can get where you want to be
Continued learning: every Shaker gets a yearly budget to spend on learning
Employer-covered group insurance: health, dental, paramedical, disability and travel coverage to ensure you're at your best
Get paid in Bitcoin: choose to take a percentage of your salary in the hardest, soundest money the world has ever known
A collaborative and friendly team: we succeed together and we have fun doing it
MacBook: company-issued laptop to make sure you're doing your best work
Equipment stipend: every Shaker receives a stipend to use toward setting up their home office
We understand that potential can be just as valuable as experience. If you're eager to learn, grow, and contribute to the mission but worry that you may not have the “right” experience, we still want you to apply. We encourage applications from everyone, regardless of background and life experience. We’re firm believers thata little bit of slope makes up for a lot of y-intercept.
Fluency in English is required due to the percentage of English-speaking customers and the nature of our platform, which is available to all Canadians.
When applying, mention the word CANDYSHOP to show you read the job post completely. This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they are human RMTguMjA3LjE2MC45NwM