Security Compliance Analyst
Crypto.com, Hong Kong

About Crypto.com

Crypto.com was founded in 2016 on a simple belief: it's a basic human right for everyone to control their money, data and identity. With over 3 million users on its platform today, Crypto.com provides a powerful alternative to traditional financial services, turning its vision of "cryptocurrency in every wallet" into reality, one customer at a time. Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have CCSS Level 3, ISO27001:2013 and PCI:DSS 3.2.1, Level 1 compliance. Crypto.com is headquartered in Hong Kong with a 500+ strong team.

For more information, please visit www.crypto.com.

As our Security Compliance Analyst, you will be tasked with security compliance activities along with our journey. You are expected to take the initiative to assist us on several security compliance programs and certifications. You are required to address and review compliance gaps and give recommendations and support on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units.

Key responsibilities include

• Assist in our security compliance programs including ISO27001, PCI-DSS, GDPR, etc
• Participate in internal security assessments, internal audits, customer audits, compliance certifications, third-party risk management and customer security questionnaire responses
• Provide accurate and consistent responses to customers or third-party security and compliance enquiries
• Perform security compliance risk activities including conducting annual and project risk amp; control assessments and third-party assessments including managing remediation activities
• Design necessary control required to comply with international standards and regulations
• Evaluate technical and organisational controls to ensure effectiveness and compliance, including managing the control remediation efforts

Requirements

• Experience in information security, IT audit or IT risk management related roles.
• Prefer experience with one or more of the following: conducting security control assessments, risk assessments or audits.
• Prefer experience with any of the following: PCI-DSS, SOC2, NIST cybersecurity framework, ISO 27000 security standards, and data protection regulations and requirements.
• Holders of security related certifications/qualifications will be an advantage (CISSP, CGEIT, CRISC, CISM, CISA etc)
• Minimum 3 years of hands-on experience in a fast paced working environment

You are also expected to:

• Demonstrate a strong commitment to personal learning and development
• Detail minded with an analytical mindset
• Good communication skills with an ability to explain complex technical issues to non-technical business users
• Proficiency in both spoken and written English

Benefits

• We offer an attractive compensation package working in a cutting-edge field of Fintech.
• Huge responsibilities from Day 1.
• Be the owner of your own learning curve.
• The possibilities are limitless and depend on you
• You get to work in a very dynamic environment and be part of an international team
• You will get to have involvement in developing a brand new product from scratch alongside with a talented team

Job Rewards and Benefits