Member of Compliance & Risk, Testing and Monitoring

Anchorage Digital Crypto Bank Security Role

At Anchorage Digital, we are building the world's most advanced digital asset platform for institutions to participate in crypto.

Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry's leading security infrastructure. Home to Anchorage Digital Bank N.A., the first federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings.

The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota.

With the evolving landscape of digital threats and an increasing volume of sophisticated attacks by malicious actors, we have a security policy mandating all new hires complete an in-person onboarding process - no exceptions. Security is our foundation and we prioritize physical identity verification and secure IT setup. While our security and IT logistics require physical presence to protect our infrastructure from sophisticated global threats, this move is equally about our Village culture. We believe that a laptop can be shipped, but our culture cannot.

As a member of the TMG team, the individual will work on next generation testing practices in the first OCC chartered digital asset bank. This role will assist in enhancing the Bank's Fiduciary and Regulatory Compliance Program through identification of emerging risks and control gaps while scaling foundational IT risk management initiatives ranging from GRC Management, information security controls testing and risk assessment support. This highly cross-functional role covers multiple service offerings and global entities, offering a unique opportunity to manage various projects ranging from Bank's regulatory obligations to Information Security risk assessments.

The successful candidate will be:

• Performing testing activities from end-to-end as a lead to assess design and effectiveness of various compliance and controls to identify potential control gaps for remediation, acting as subject matter expert in both IT and regulatory risk.
• Partnering with Operations, Compliance, Information Security, Engineering, Product, and Legal teams to translate complex regulatory requirements into actionable technical processes.
• Collaborating with risk owners to provide "credible challenge" to remediation plans and track findings from identification through to validation using GRC tools (Audit Board).
• Supporting information security risk assessments as needed.

Technical Skills:

• Manage and execute the testing life cycles using multiple methodologies.
• Strong working knowledge of core banking regulations, including but not limited to Complaint Management, Disclosures, Financial Crimes Compliance, Privacy and Security, and among other essential "alphabet" regulations.
• Has a complete conceptual knowledge and full understanding in principles, practices, and a working knowledge of the full lifecycle of audit / testing methodology, Information Security risk and controls, SOC, policy governance and management.
• Evaluate and interpret information / data to produce meaningful results to risk and control owners.
• Applies experience and analytical skills to "connect the dots" between the company's business and products to the control environment in order to evaluate and identify risks and controls for Anchorage Digital and determine whether compliance obligations are being met.
• Resolves a wide range of issues in creative ways working directly with control owners to ensure regulatory requirements are being met, including managing and tracking findings (from risk assessments, audits, etc.) from identification to remediation.
• Has experience with GRC management tools (e.g., AuditBoard).

Complexity and Impact of Work:

• Execute and manage all phases of Compliance and InfoSec cyclical test reviews (involvement in data gathering, walkthrough discussions, detailed testing, communicating results to management, reporting, issue tracking).
• Prepare fieldwork material and data analytics on the reviews including detailed scoping, accurate, in-depth and well documented fieldwork, and clearly written issues to effectively convey risks identified.
• Collaborate with risk / control owners during the issue remediation phase by providing credible challenge of remediation plans developed by the issue owners to resolve findings.
• Assist with Issue Management framework implementation through metrics and issue tracking and validation.
• Identify and quantify relevant information security threat scenarios and assess the effectiveness of mitigating controls.

Organizational Knowledge:

• Work on complex issues where analysis of situations or data requires an in-depth knowledge of the company.
• Has a deep knowledge of the strategy of Anchorage Digital.
• Engage with other peers to develop methods, techniques and evaluation criteria for projects, programs, and people that have enterprise-wide impact.
• Ensure alignment and integration between initiatives, priorities, people, processes and structures in their department, cross-departments and with the broader strategic priorities of Anchorage Digital.
• Stay aware of changes through cross-functional collaboration to anticipate and prevent obstacles from hindering team performance.
• Collaborate effectively across teams and disciplines to solve problems and resolve technical debates.

Communication and Influence:

• Communicate and work effectively with diverse teams, ability to listen actively and incorporate others' perspectives and have a track record of successful teamwork.
• Ability to adapt to different collaborative settings and resolve conflicts / disagreements diplomatically.
• Communicate complex issues clearly and credibly across a wide range of audiences. Scans the environment for key information and messages to adapt the communication strategy and persuade several diverse stakeholders and audiences.
• Builds effective relationships with stakeholders including clients, team managers, cross-functional partners, and external partners.
• Easy to approach and builds appropriate rapport.

You may be a fit for this role if you have:

• Knowledge of testing life cycles and methodologies.
• Experience in IT risk and information security audits.
• Experience in regulatory compliance, risk management, and auditing practices within the financial services industry.
• Experience in writing crisp, clear, accurate reports to summarize issues identified.
• A proven track record of delivering high quality work products and managing projects with tight timelines and multiple complex priorities.
• The ability to be flexible and pivot fast in an ever-changing environment.

Although not a requirement, bonus points if:

• You have expertise in auditing/testing Anti-Money Laundering programs and trading activities.
• Security certifications such as CISSP, CCSP.
• Understanding of crypto staking and/or governance.
• A technical/engineering background or mindset.
• You have strong SQL or data analytical skills to support the team in pulling data from BigQuery.
• You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)

About Anchorage Digital: Who we are

The Anchorage Village, what we call our team, brings together the brightest minds from platform security, financial services, and distributed ledger technology to provide the building blocks that empower institutions to safely participate in the evolving digital asset ecosystem. As a diverse team of more than 600 members, we are united in one common goal: building the future of finance by providing the foundation upon which value moves safely in the new global economy.

Anchorage Digital is committed to being a welcoming and inclusive workplace for everyone, and we are intentional about making sure people feel respected, supported, and connected at work—regardless of who you are or where you come from. We value and celebrate our differences and we believe being open about who we are allows us to do the best work of our lives.

Anchorage Digital is an Equal Opportunity Employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. Anchorage Digital considers qualified applicants regardless of criminal histories, consistent with other legal requirements. "Anchorage Digital" refers to services that are offered either through Anchorage Digital Bank National Association, an OCC-chartered national trust bank, or Anchorage Lending CA, LLC a finance lender licensed by the California Department of Financial Protection and Innovation, License No. 60DBO-11976, or Anchorage Digital Singapore Pte Ltd, a Singapore private limited company, all wholly-owned subsidiaries of Anchor Labs, Inc., a Delaware corporation.

Protecting your privacy rights is important to Anchorage Digital, and we work to maintain the trust and confidence of our clients when handling personal or financial information. Please see our privacy policy notices here.