Job Specifications
Responsibilities
Conduct, design, and implement testing of security controls covering identity management, key management, and infrastructure (network and cloud) configurations
Support client assurance activities, including responding to Requests for Proposals (RFPs), Requests for Information (RFIs), and Due Diligence Questionnaires (DDQs)
Identify and analyze trends in client inquiries and provide feedback to internal teams to improve documentation and control readiness
Perform security due diligence and ongoing monitoring for Web3/blockchain vendors, including assessing their control maturity, reviewing SOC reports and security documentation, and identifying residual risks
Facilitate external audit activities, including coordination of walkthroughs, evidence collection, and response tracking
Identify and analyze gaps in current and new processes, then develop and track remediation recommendations to completion (e.g., onboarding flow)
Develop and maintain understanding of applicable financial regulatory security requirements and ensure alignment of controls
Research and share information security best practices, emerging threats, and mitigation strategies with internal teams
Evaluate and propose next-generation security tools, automation, and technologies to enhance overall security posture
Review blockchain network or protocol upgrades for their potential security impact on the platform
Requirements
At least 8 years of relevant experience in security assurance, audit, compliance, or cloud security engineering
Demonstrated experience testing and validating security controls across IAM, key management, and network/cloud environments
Strong understanding of Identity and Access Management (IAM) principles
Knowledge of cryptographic key management, HSMs, and KMS systems
Solid grasp of cloud and network security architecture and configuration
Proven experience supporting SOC 1, SOC 2, ISO 27001, PCI DSS, or similar external audits and assessments
Exposure to major cloud platforms (AWS, GCP, Azure) and infrastructure-as-code
Experience in preparing client assurance materials, RFP/RFI/DDQ responses, and evidence documentation
Familiarity with blockchain platforms or digital asset custody systems is advantageous
Can work independently and under pressure
Excellent verbal and written communication skills
Pragmatic and solution-oriented approach, ability to balance security requirements with operational feasibility and business needs
We may use artificial intelligence tools to analyze the content of your Resume/CV against the specific requirements for the position. The purpose is to support our recruitment team in reviewing applications more effectively. These tools assist our recruitment team in their evaluation of your application by providing recommendations, but they do not replace human judgment. Final hiring decisions are ultimately made by humans who consider the insights generated by the tools along with other relevant information. If you would like more details about how your personal information is processed, please contact us.
About the Company
Crypto.com was founded in 2016 and is the preferred crypto trading platform for over 100 million users worldwide, as well as the trusted industry leader in regulatory compliance, security, and privacy. We're committed to accelerating the adoption of cryptocurrency through our vision: Cryptocurrency in Every Wallet(tm)
Know more