Senior Analyst, Security Compliance

Building the Future of Crypto Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology. What makes us different? Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world. Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here. As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry‑leading security, crypto education, and world‑class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures. Become a Krakenite and build the future of crypto! Proof of work The team Kraken’s world‑class Security Team is growing. As we continue to scale and mature our information technology controls program, we are seeking a senior professional with a strong background in IT controls and external audit to help build and operate a program designed for enterprise scale. This role sits within Kraken’s Security Compliance function and offers close partnership with experienced leaders across our IT program, security organization, and enterprise technology stack. You’ll have the opportunity to establish audit rigor while also helping design and implement a robust, next‑gen controls framework in a rapidly evolving Web3 environment. Kraken is a leader in the security and digital assets space. You will collaborate with peers who have led global audit and consulting teams across Big Four organizations and contribute to initiatives shaping emerging Web3 standards. This role offers the opportunity to make a meaningful and lasting impact both within Kraken and across the broader industry. The ideal candidate is comfortable working cross‑functionally across a variety of teams, including Finance, Technology, Engineering, and Security to inform sound, risk‑based decisions in a fast‑paced environment. This is a fully remote role. The opportunity Lead and manage SOC 1 and SOC 2 examinations under AICPA standards in a complex, rapidly evolving technology environment, partnering with external auditors and internal teams to design, implement, and continuously improve IT control processes Support end‑to‑end SOX planning and execution, including IT system scoping, audit readiness, and development and delivery of training for control owners operating in a high‑growth, regulated business Act as a trusted advisor to Security, IT, Infrastructure, Engineering, Data, and Finance teams, translating SOX and audit requirements into practical, scalable controls aligned with modern technology stacks Lead security and IT control gap assessments, evaluate control design and operating effectiveness, and drive remediation efforts through to completion in partnership with control owners Facilitate the ongoing maturation of IT general controls (ITGCs) and IT application controls (ITACs), balancing regulatory expectations with the pace of product and platform innovation Oversee the quality and execution of audit initiatives, applying strong professional judgment to identify control gaps, assess risk, and guide teams through complex audit and compliance matters Perform impact assessments for SOX control deficiencies and design risk‑based, pragmatic remediation plans that stand up to auditor scrutiny without slowing the business Implement and enhance controls monitoring and defense‑in‑depth across key IT risk areas to improve audit outcomes and strengthen the overall control environment Partner cross‑functionally to identify systemic program challenges, recommend process improvements, and drive durable solutions in a scaling organization Develop and maintain clear, auditor‑ready documentation, including data flow diagrams and process flowcharts for high‑risk security and financial processes Work closely with internal and external auditors, helping them navigate a sophisticated IT control environment and ensuring efficient, high‑quality audits Support audit evidence collection and continuous improvement initiatives, including leveraging automation to improve efficiency, consistency, and scalability Skills you should HODL 5+ years of experience in external IT audit and/or technology risk assurance or advisory, with demonstrated ownership of complex audit requirements Strong hands‑on experience with Internal Controls over Financial Reporting (ICFR), including SOX 404 frameworks, control design, and operating effectiveness testing Prior experience at a Big 4 or other large public accounting firm, or equivalent experience working with external auditors in a highly regulated environment Proven ability to lead compliance and audit initiatives end to end, from planning and risk assessment through remediation and audit close Experience auditing or assessing hybrid and cloud‑based environments (e.g., IaaS, PaaS, SaaS), including access management, change management, and logging/monitoring controls Ability to operate autonomously in ambiguous, fast‑paced environments, driving outcomes across cross‑functional teams with minimal supervision Strong oral and written communication skills, with the ability to clearly explain technical concepts to technical and non‑technical stakeholders Demonstrated ability to manage multiple priorities, coordinate cross‑functional work, and hold stakeholders accountable to agreed timelines Strong organizational and time management skills, with a high degree of self motivation and effectiveness in a remote or distributed working environment Nice to haves Exposure to fintech, payments, crypto, or digital asset business models, an added plus for crypto audit experience Familiarity with risk and control frameworks (e.g., NIST, ISO 27001, COBIT) beyond baseline audit requirements Professional security management certification such as a Certified Public Accountant (CPA) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) other similar credentials, is a huge plus What's in it for you Accelerate your technical depth by working in a cutting‑edge, modern infrastructure environment, gaining exposure to cloud‑native architectures and complex, real‑time systems Broaden your impact and perspective by collaborating with highly integrated, globally distributed teams and working alongside world‑class professionals across engineering, security, and other technical disciplines Move beyond “check‑the‑box” compliance to influence how controls are designed and scaled in a fast‑growing, regulated technology business Gain meaningful ownership and visibility while helping shape a maturing audit and compliance program in a dynamic, evolving industry Unless a specific application deadline is stated in the job posting, applications are accepted on an ongoing basis. Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution. We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto! We may ask candidates to complete job‑related skills or work‑style assessments as part of our hiring process. These assessments are designed to evaluate competencies relevant to the role and are applied consistently across candidates for similar positions. Assessment results are considered alongside other relevant information, such as experience and interviews, and are not the sole basis for any employment decision. As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws. Stay in the know Follow us on Twitter Learn on the Kraken Blog Connect on LinkedIn Candidate Privacy Notice #J-18808-Ljbffr Kraken