Security Manager / CISO, Crypto Facilities

  • Kraken
  • Remote (Europe - or onsite in London)
  • May 19, 2021
  • Full time
  • Banking
  • Compliance
  • Security & Privacy
  • Strategy-Planning

Job Description

About the role

You'll be joining the Crypto Facilities team to provide Information Security support and advice across the London-based cryptocurrency futures and indices businesses, as well as becoming an extension of the global (and world-class) Kraken IT and Security team.

Reporting to the CEO, Crypto Facilities, you'll be the security-focused member of a 5-6 FTE DevSecOps team, and will be expected to contribute and learn across the full cloud engineering stack, in addition to deputising for the CISO when it comes to business affairs. You will be (or will become) a "T-shaped" individual with enormous potential to further your career in the burgeoning DevSecOps domain, with the guidance of industry leaders in Security and Infrastructure Engineering, and alongside a mature team of true polyglots, talented microservices developers, infrastructure engineers and SREs.

Requirements - Technical

    • Code or script in at least one modern application development or utility language
    • Use Source Code Management and Document Management systems (e.g. Gitlab, Confluence) to organise business function tasks and publish relevant material
    • Be a competent Linux administrator
    • Know how to build, run and deploy secure Docker containers
    • Be aware of how containers and microservices are configured, and can be secured and orchestrated, in particular using Kubernetes
    • Select, procure, implement, and use tooling to programmatically test and verify the safety and integrity of bespoke software
    • Analyse data sets and produce reports using basic tools (e.g. SQL, POSIX stream processing tools, spreadsheets, ODBC, Python)
    • Understand the principles of secure Identity Management, Authentication, Authorisation and Accounting
    • Understand the implementation of secure messaging and collaboration systems in the context of privacy awareness
    • Have a good comprehension of computer networks, the Internet, and supporting systems such as web servers and proxies
    • Understand DNS, TLS, web protocols, and how traffic on IP networks establishes end-to-end security and trust

Requirements - Administrative

    • Work highly independently, with multiple stakeholders outside of the formal management structure
    • Take the lead in face-to-face situations where local expertise and general knowledge in Information Security is needed
    • Support the globalisation and / or expansion of the Futures business from a privacy, regulatory, employment and security point of view
    • Write good quality policies, procedures and technical documentation
    • Nurture security awareness in the organisation, curating and producing material to support this, and relate this to the global business, and the current threat landscape
    • Be familiar with risks introduced to organisations by third parties, and processes and practices which can mitigate these
    • Take a risk-based approach to all facets of Information Security, model threats and consider impact and likelihood, play an active part in Incident Response and Purple-teaming
    • Have a "finger on the pulse" of current challenges and exploits in the ecosystem
    • Be an active participant in a truly world class global security organisation

Requirements - Qualifications

    • A degree from an accredited institution, or equivalent relevant experience alongside a good level of general education
    • Familiarity with the spirit and practical application of some of the following:
        • Cyber Essentials (UK Government)
        • Ten Steps to Cybersecurity (UK Government)
        • ISO27001, 27002 (International Standards)
        • GDPR 2016 and DPA 2018 (EU/UK legislation)
        • Privacy Shield, changes to this, Schrems II, adequacy (EU-US framework)
    • Optional: relevant and well-regarded certifications in cloud computing such as CKA (Certified Kubernetes Administrator), AWS Professional or Specialty levels, Google Professional level
    • Optional: advanced security accreditation such as CISSP, OSCP, CASP, CCSK

Responsibilities

    • Building application security processes and pipelines to contribute to the development team's move to true Continuous Delivery and Continuous Innovation
    • Working with global Security Risk Management on ISO27001 alignment
    • Working with the red team and external providers on vulnerability testing of office and cloud infrastructure
    • Implementing SAST and DAST systems, dependency scanning with the wider AppSec, SecOps, SRE and Infrastructure teams
    • Implementing and improving secrets management for local and Kraken-wide initiatives
    • Working with global teams on Identity and Access Management projects
    • Relating regional / local business processes and requirements to global controls and policies
    • Writing Futures / region / UK specific (and possibly supplementary) policies and procedures for inclusion in Information Systems Management processes
    • Becoming an active part of the on call, IR and DR structures within Futures
    • Deputising for the CISO and / or fulfilling DevOps responsibilities to cover absence, ensure cross-functional awareness, and to smooth out short term resourcing issues

We’re powered by people from around the world with their own unique backgrounds and experiences. We value all Krakenites and their talents, contributions, and perspectives.
Check out all our open roles at https://www.kraken.com/careers. We’re excited to see what you’re made of.