Information Security GRC Analyst

Full Time 

Others

Job Description
The Cybersecurity and Data Privacy team reports directly to the office of the CISO, headed by Chief Information Security Officer (CISO) Jason Lau ( https://www.linkedin.com/in/jasonciso/ ), who has 23+ years of experience in the cybersecurity space, was awarded Global Top 100 CISO, and also serves on the World Economic Forum, International Association of Privacy Professionals and more.

The team comprises multiple functions, including Blockchain Security, Operational Security, Security Governance and Compliance and more. We drive a culture of having a growth mindset and being humble to help everyone achieve their potential. A Security and Data Privacy Compliance first strategy has been at the core of our company. The security team helped to drive us to be the first Crypto company worldwide to achieve ISO 27001, ISO 27701, ISO 22301 and PCI-DSS 3.2.1 (Level 1) certifications. We were attested in an extremely detailed third-party assessment by international audit firm SGS and achieved "Adaptive (Tier 4)" - the highest level possible for the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and the latest NIST Privacy Framework, as well as SOC2 and many other regional certifications like the Data Protection Trust Mark.

As our Information Security Analyst, you will be participating in the Global Information Security Governance, Risk Management and Compliance (GRC) team based in Hong Kong responsible for ensuring the firm's information security governance, risk, and compliance are enforced and managed systematically, and monitoring key trends and emerging risks that could potentially affect the firm's overall security and privacy posture. The GRC team operates in a fast-paced and dynamic environment and utilizes the best industry frameworks to effectively identify, evaluate, monitor and manage the firm's technology and information security governance, risk and compliance issues in support of the firm's growth and strategic plan.

Responsibility
    • Support the delivery of global security governance, risk management and compliance strategies
    • Support and maintain a security compliance framework across global entities that can align with the company's compliance and internal audit requirements
    • Support governance over information security policies, processes, standards and procedures
    • Participate in regulatory compliance assessments in accordance with regulations and circulars from different countries
    • Participate in external and internal audits, such as ISO 27001, NIST, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects
    • Be involved in the maturity model and tracking of information security controls
    • Support global security governance and compliance process
    • Support security questionnaires from internal/external security audits and organize/document the common answers and approaches for future audits
    • Assist security risk management within the business units
Requirements
    • Bachelor's degree or higher in information technology, cyber security or related field
    • 3+ years of experience in an information security role
    • Strong leadership and excellent communication skills
    • Understanding of Information Risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR) within the financial services and banking industry
    • Strong knowledge and practical working experience in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, ISAE 3000, ITIL, and COBIT as well as experience in IPO and M&A
    • Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams
    • Good working knowledge of the latest information technology security trends and emerging threats is essential
    • Experience in implementing risk management principles and methodologies within a security or technology function
    • Good project management experience and skills
    • Strong analytical and problem-solving skills are a must-have
    • Having one of the below security or privacy qualifications is a plus - CRISC, CISSP, CCSP, CISM, CISA, ISO 27001 Lead Auditor, IAPP CIPP / CIPM, OSCP, SANS
    • An understanding of cloud infrastructure technologies and associated risks would be beneficial

Life @ Crypto.com

Empowered to think big. Try new opportunities while working with a talented, ambitious and supportive team.
Transformational and proactive working environment. Elevate employees to find thoughtful and innovative solutions.
Growth from within. We help to develop new skill-sets that would impact the shaping of your personal and professional growth.
Work Culture. Our colleagues are some of the best in the industry; we are all here to help and support one another.
One cohesive team. Engage stakeholders to achieve our ultimate goal - Cryptocurrency in every wallet.

Are you ready to kickstart your future with us?

Benefits

Competitive salary
Medical insurance package with extended coverage to dependents
Attractive annual leave entitlement including: birthday, work anniversary
Work Flexibility Adoption. Flexi-work hour and hybrid or remote set-up
Aspire to career alternatives through us. Our internal mobility program can offer employees a diverse scope.
Work Perks: crypto.com visa card provided upon joining

Our Crypto.com benefits packages vary depending on region requirements; you can learn more from our talent acquisition team.

About Crypto.com:

Founded in 2016, Crypto.com serves more than 80 million customers and is the world's fastest growing global cryptocurrency platform. Our vision is simple: Cryptocurrency in Every Wallet™. Built on a foundation of security, privacy, and compliance, Crypto.com is committed to accelerating the adoption of cryptocurrency through innovation and empowering the next generation of builders, creators, and entrepreneurs to develop a fairer and more equitable digital ecosystem.

Learn more at https://crypto.com .

Crypto.com is an equal opportunities employer and we are committed to creating an environment where opportunities are presented to everyone in a fair and transparent way. Crypto.com values diversity and inclusion, seeking candidates with a variety of backgrounds, perspectives, and skills that complement and strengthen our team.

Personal data provided by applicants will be used for recruitment purposes only.

Please note that only shortlisted candidates will be contacted.
