Senior Technology GRC Analyst at Chainalysis (New York City, NY)
Our security team defends the products, data and systems that power Chainalysis. We are committed to building a diverse team of builders, breakers and shapers to address complex security problems in a novel, exciting space.
A GRC Senior Analyst is really good at taking in the inner workings of Chainalysis and harmonizing them with complex risk, governance, and compliance policies. They do this to both create a more secure and compliant environment for our teams and to build trusting relationships with our customers. As a security advocate, you are never satisfied with the status quo and are constantly hunting for threats to an organization.
In one year you’ll know you were successful if…
- You will have led the efforts to help:
- Operationalize various GRC capability areas such as enterprise security risk management, compliance management, and policy management
- Partner with a growing sales team by contributing to the development of customer-facing materials covering topics related to security, privacy, and compliance features of our products and services.
- Led the development and delivery of a Technological Monitoring Program
- Assisted with internal and external audit and risk assessments (eg. SOC2, GDPR, ISO27001)
A background like this helps:
- 3+ years of experience in relevant security or related roles
- Technical Knowledge of Security Engineering Tools, Techniques and Practices
- Understanding of Technological Risk measurements and assessment practices (e.g. Nist 800-30)
- Experience with Software-as-a-Service or cloud service providers industry challenges
- Foundational knowledge of IT Audit/compliance process and activities
- Experience working in a regulated environment enforcing policies and procedures
- Possesses the ability to drive projects to conclusion, while collaborating with a diverse group of professionals from both technical and non-technical backgrounds.
- Able to collect, synthesize, and analyze data from multiple outputs, including computer log sources to draw valid conclusions.
- Strong interpersonal skills and ability to work effectively with diverse and distributed teams
- SOC2, ISO27001, PCI, HITRUST, FEDRAMP and GDPR experience are all big pluses
- Verbal communication and presentation skills.
- Self-motivated with good time management skills
At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.
You belong here.
At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Juneteenth, Harvey Milk Day, and International Migrant’s Day, and a commitment to continue revisiting and reevaluating our diversity culture.
We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.
Applying from the EU? Please review our Candidate GDPR Notice.
By submitting this application, I consent to and authorize Chainalysis to contact my former employers, and any and all other persons and organizations for information bearing upon my qualifications for employment. I further authorize the listed employers, schools and personal references to give Chainalysis (without further notice to me) any and all information about my previous employment and education, along with other pertinent information they may have, and hereby waive any actions which I may have against either party(ies) for providing a reference. I understand any future employment will be contingent on the Company receiving satisfactory employment references.
Chainalysis COVID-19 Policy - USA
All employees are required to have or obtain a COVID-19 vaccination as a condition of employment at Chainalysis, unless an exemption has been approved. All employees shall be required to report their vaccine status. All new employees shall be required to provide proof of their vaccination status prior to the start of their employment.
Chainalysis COVID-19 Policy - EMEA
As an employer, Chainalysis is obliged to ensure a healthy and safe working environment. This means that we must try to prevent the coronavirus from spreading inside the workplace and all employees are obliged to follow the local regulations issued by the relevant health authorities.
- To help support a safe work environment, we encourage all employees in EMEA to get fully vaccinated against COVID-19.
- Employees will not be required to attend an event or in-person customer meeting.
- Employees in the EU and the UK are allowed to travel internationally for internal meetings to any country deemed “green or amber” by the EU and the UK authorities. All attendees for Chainalysis in-person events or meetings will be required to adhere to the following guidelines:
- International travel will only be permitted if you receive approval from both your manager and Executive Leader
- You must familiarize yourself and comply with any screening/safety protocols imposed by the entity/individual hosting the in-person meeting or event
- You must comply with any and all safety guidelines and travel restrictions established by applicable law
- If you are in close or proximate contact with others at the event/customer site and test positive for COVID-19, you must immediately notify the People Team and avoid contact with others for 10 days
Chainalysis COVID-19 Policy - APAC
With circumstances changing on a regular basis and parts of our APAC team going in and out of mandatory lockdown, APAC will continue to follow country legislation and guidelines.