Info Security Analyst

Key Responsibilities:

1. Cybersecurity Governance & Business Alignment

- Serve as the embedded security partner for Digital Assets business teams, aligning security requirements with product and operational objectives.

- Translate enterprise cybersecurity policies and procedures into practical, actionable expectations for digital asset initiatives.

- Participate in project planning, architecture reviews, and roadmap discussions to ensure secure design and regulatory alignment.

- Support risk exception, risk acceptance, and mitigation processes.

2. Digital Asset & Cryptocurrency Risk Assessments

- Lead end-to-end cybersecurity risk assessments for digital asset products, crypto custody models, wallet operations, blockchain integrations, and supporting vendors.

- Evaluate risks related to private key management, wallet operations, smart contract risks, node infrastructure, and transaction processes.

- Document risks, recommend compensating controls, and track remediation to closure.

3. Vendor Cybersecurity Oversight

- Own the security risk lifecycle for digital asset vendors-from due diligence and contract negotiation to ongoing monitoring.

- Review vendor cybersecurity evidence (SOC 2, pen tests, questionnaires, cloud posture).

- Ensure contractual controls for data protection, breach notification, crypto asset handling, and regulatory adherence.

- Track and drive remediation of vendor findings.

4. Education, Policy, and Standards Enablement

- Educate business, engineering, and operations teams on Client's cybersecurity policies and secure practices.

- Develop crypto-specific security training and guidance.

- Promote a culture of security awareness.

5. Compliance, Audit, and Regulatory Support

- Prepare and coordinate internal/external audit activities.

- Ensure controls operate effectively and evidence is complete.

- Support alignment with SEC, FINRA, OCC, FFIEC, and other regulatory expectations.

6. Cyber Incident Preparedness & Response

- Collaborate with Cyber Operations and IR teams for crypto-specific incident preparedness.

- Contribute to playbooks for key compromise, vendor breaches, on-chain exploits, and blockchain outages.

7. Risk Reporting & Executive Communication

- Produce business-focused reporting on residual risk, vendor posture, assessment outcomes, KRIs, and audit findings.

- Present risks and recommendations to leadership.

Key Responsibilities:

1. Cybersecurity Governance & Business Alignment

- Serve as the embedded security partner for Digital Assets business teams, aligning security requirements with product and operational objectives.

- Translate enterprise cybersecurity policies and procedures into practical, actionable expectations for digital asset initiatives.

- Participate in project planning, architecture reviews, and roadmap discussions to ensure secure design and regulatory alignment.

- Support risk exception, risk acceptance, and mitigation processes.

2. Digital Asset & Cryptocurrency Risk Assessments

- Lead end-to-end cybersecurity risk assessments for digital asset products, crypto custody models, wallet operations, blockchain integrations, and supporting vendors.

- Evaluate risks related to private key management, wallet operations, smart contract risks, node infrastructure, and transaction processes.

- Document risks, recommend compensating controls, and track remediation to closure.

3. Vendor Cybersecurity Oversight

- Own the security risk lifecycle for digital asset vendors-from due diligence and contract negotiation to ongoing monitoring.

- Review vendor cybersecurity evidence (SOC 2, pen tests, questionnaires, cloud posture).

- Ensure contractual controls for data protection, breach notification, crypto asset handling, and regulatory adherence.

- Track and drive remediation of vendor findings.

4. Education, Policy, and Standards Enablement

- Educate business, engineering, and operations teams on Client's cybersecurity policies and secure practices.

- Develop crypto-specific security training and guidance.

- Promote a culture of security awareness.

5. Compliance, Audit, and Regulatory Support

- Prepare and coordinate internal/external audit activities.

- Ensure controls operate effectively and evidence is complete.

- Support alignment with SEC, FINRA, OCC, FFIEC, and other regulatory expectations.

6. Cyber Incident Preparedness & Response

- Collaborate with Cyber Operations and IR teams for crypto-specific incident preparedness.

- Contribute to playbooks for key compromise, vendor breaches, on-chain exploits, and blockchain outages.

7. Risk Reporting & Executive Communication

- Produce business-focused reporting on residual risk, vendor posture, assessment outcomes, KRIs, and audit findings.

- Present risks and recommendations to leadership.

Qualifications:

- Bachelor's degree in Information Security, Computer Science, Engineering, or related field.

- 7+ years in…