Member of Information Security (Global)

Anchorage Digital

IT
United States
Posted on Aug 17, 2024
At Anchorage Digital, we are building the world’s most advanced digital asset platform for institutions to participate in crypto.
Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry's leading security infrastructure. Home to Anchorage Digital Bank N.A., the only federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore and Porto by Anchorage Digital.
The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn.
As a Member of the Global Information & Security Team at Anchorage Digital, you will have the opportunity to help build and scale a forward-looking security program that not only ensures the security of our data and our clients’ digital assets but also meets the necessary regulatory requirements, including but not limited to those established by the Gramm–Leach–Bliley Act Safeguards Rule, the Federal Financial Institutions Examination Council, the New York State Department of Financial Services, and the Monetary Authority of Singapore. You will work on various information security areas such as risk and cybersecurity assessments, threat modeling, creating and maintaining key controls, and compiling reporting, metrics, analysis, and controls commensurate with regulatory standards. You are recognized as an expert in cybersecurity and IT risk management and you excel in program management.
As part of Anchorage Digital’s Global Information & Security Team, you are responsible for identifying and evaluating threats to the company’s Information Security Program and for creating and improving controls to help manage Anchorage Digital’s operational risks in line with regulatory requirements. You are also responsible for ensuring these controls continue to perform as expected, without any issues or deviations.
You are capable of contributing to the development of company goals and objectives, and are expected to help drive the long-term strategy of the Information Security Team. You are a strong contributor and have the ability to significantly contribute to medium-to-large projects and overall Anchorage Digital culture. You not only understand the “why” and the “bigger picture”, but meaningfully contribute to prioritizing the work within the team. Additionally, you will have cross-team exposure and are recognized as a reliable partner who can apply expertise to have significant influence within and outside the team.

Mission & Outcomes of the Position

  • Assist the Deputy CISO and the Global Information & Security Team in building and maintaining the overall Information Security and IT Risk Management Program
  • Maintain enterprise information security and IT risk management program commensurate with national and international standards (e.g. NIST, FFIEC, ISO, SOC 2)
  • Execute key team projects from start to finish, including but not limited to risk assessments, cybersecurity assessments, threat models, requirement mapping, and gap analyses
  • Develop, implement, and monitor meaningful reporting, metrics, analysis, and controls commensurate with business needs and regulatory expectations
  • Assist the Deputy CISO and the Global Information & Security Team to operationalize established security strategy and track initiatives from conception to completion, in concert with external technology providers
  • Maintain entity controls and identify, report, and control incidents relevant to the services offered by the business lines and supported jurisdictions
  • Drive resolution of IT security internal and external audit issues, including developing and implementing management action plans
  • Manage periodic security tests, including internal and external penetration testing and phishing exercises

Job Description

  • Expert knowledge and wide-ranging experience with the regulatory and industry frameworks/standards/methodologies/tech: SOC 1/2, ISO 27001, NIST 800-53, NIST Cybersecurity Framework, cloud environments, HSMs, data center controls, change management, and logical security
  • Fundamental understanding of business continuity program management at a regulated financial institution
  • Ability to quickly grasp new technologies and systems, articulate related risks, and develop appropriate risk mitigating measures
  • Comprehension of core information security principles in order to reason and continuously improve the core Anchorage Digital security model
  • Deep understanding of the IT threat landscape for the industry and ability to anticipate any impact on the business with the goal to drive a proactive response
  • Excellent project management skills to support stability and successful execution in a very fast moving and cross-functional environment

Overview of responsibilities, ownership, and expertise

  • Expert knowledge and wide-ranging experience with the regulatory and industry frameworks/standards/methodologies/tech: SOC 1/2, ISO 27001, NIST 800-53, NIST Cybersecurity Framework, cloud environments, HSMs, data center controls, change management, and logical security
  • Ability to quickly grasp new technologies and systems, articulate related risks, develop appropriate risk mitigating measures, and “connect the dots” between the company’s service offerings and products to the IT/Information Security environment
  • Resolves a wide range of issues in creative ways to ensure regulatory requirements are being met, including managing and tracking findings (from risk assessments, audits, etc.) from identification to remediation
  • Comprehension of core cybersecurity principles in order to reason and continuously improve the core Anchorage Digital security model
  • Deep understanding of the IT threat landscape for the industry and ability to anticipate any impact on Anchorage Digital with the goal to drive a proactive response
  • Excellent project management skills to support stability and successful execution in a very fast moving environment
  • Experience conducting Business Impact Analyses and Business Continuity Plans with little oversight

Complexity and Impact of Work

  • Assist the Deputy CISO and the Global Information & Security Team in building and maintaining the overall Information Security and IT Risk Management Program
  • Execute key team projects from start to finish, including but not limited to risk assessments, cybersecurity assessments, threat models, requirements mapping, and gap analyses
  • Develop meaningful reporting, metrics, analysis, and controls commensurate with business needs and regulatory expectations
  • Assist the Deputy CISO and the Global Information & Security Team to operationalize established security strategy and track initiatives from conception to completion, in concert with external technology providers
  • Maintain enterprise information security and IT risk management program commensurate with national and international standards (e.g. NIST, FFIEC, ISO, SOC 2)
  • Maintain entity controls and identify, report, and control incidents relevant to the services offered by the business lines and supported jurisdictions
  • Drive resolution of IT security internal and external audit issues, including developing and implementing management action plans
  • Can work autonomously, defines priorities under broad direction, and applies problem solving skills to translate regulations and compliance obligations into technical controls, and vice-versa.
  • Manage periodic security tests, including internal and external penetration testing and phishing exercises

Organizational Knowledge:

  • Understanding of enterprise-level information security programs and the ability to maintain a control set and policy framework which satisfies regulatory requirements in an efficient and elegant manner
  • Help build and maintain the Anchorage Digital enterprise-wide information security program commensurate with business needs as well as industry and regulatory standards, in concert with external technology providers
  • Understands how the company’s priorities relate to their own area of work, and clearly communicates the ‘why’ behind the work

Communication and Influence

  • Communicates proactively, takes ownership in assigned work/projects, and is comfortable asking questions when something is unclear or to further knowledge in a specific area
  • Contributes to cross-functional projects, collaborates with their team and adjacent teams working directly with subject matter experts and doing meaningful translation of compliance requirements into actionable processes.
  • Consistently expresses clear, thoughtful, analytical and solutions-oriented communications, whether in high-impact slides/decks, written communications in Slack or email, or verbal communications.
  • Ensure compliance with the changing laws and applicable regulations
  • Develop key risk indicators and dashboard metrics suitable for reporting to senior management

You may be a fit for this role if you have:

  • Background working on programs and the ability to manage multiple processes and projects at once while building constructive working relationships with stakeholders across the different teams
  • A strong understanding of key cloud architecture principles, cryptography, APIs, as well as appropriate enterprise security practices
  • Knowledge and experience of Information Security Risk and Security Governance
  • Experience participating in security incident response and coordinating activities
  • Familiarity with FFIEC standards and similar regulations
  • Experience working with external regulators, e.g. OCC and NYDFS

Although not a requirement, bonus points if:

  • Experience working in start-up tech and/or fin-tech companies
  • Experience working as information systems auditor or consultant
  • You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system :)

About Anchorage Digital: Who we are

The Anchorage Village, what we call our team, brings together the brightest minds from platform security, financial services, and distributed ledger technology to provide the building blocks that empower institutions to safely participate in the evolving digital asset ecosystem. As a diverse team of more than 300 members, we are united in one common goal: building the future of finance by providing the foundation upon which value moves safely in the new global economy.
Anchorage Digital is committed to being a welcoming and inclusive workplace for everyone, and we are intentional about making sure people feel respected, supported, and connected at work—regardless of who you are or where you come from. We value and celebrate our differences and we believe being open about who we are allows us to do the best work of our lives.
Anchorage Digital is an Equal Opportunity Employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. Anchorage Digital considers qualified applicants regardless of criminal histories, consistent with other legal requirements. “Anchorage Digital” refers to services that are offered either through Anchorage Digital Bank National Association, an OCC-chartered national trust bank, or Anchorage Lending CA, LLC a finance lender licensed by the California Department of Financial Protection and Innovation, License No. 60DBO-11976, or Anchorage Digital Singapore Pte Ltd, a Singapore private limited company, all wholly-owned subsidiaries of Anchor Labs, Inc., a Delaware corporation.
Protecting your privacy rights is important to Anchorage Digital, and we work to maintain the trust and confidence of our clients when handling personal or financial information. Please see our privacy policy notices here.