Chorus One is the largest cryptocurrency staking provider in Europe, securing billions in assets and operating nodes on more than 25 Proof of Stake networks such as Solana, Ethereum, Cosmos, and others. We also research, design, and build liquid staking and interoperability solutions to enable a richer inter-blockchain ecosystem.
To support the company’s growing security needs, Chorus One is looking for an IT Security and Compliance Analyst to join our engineering team. You will be the security and compliance subject matter expert within Chorus One and be responsible for leading compliance projects end to end, from the planning phase through execution, the closure phase and ongoing monitoring.
You want to work with a great team on cutting-edge technologies, business models, and ideas. You are comfortable taking on challenging objectives and executing on them with a high degree of autonomy. You are organized, flexible, and have a proven track record of enabling the effective operation of one or multiple teams. Then we would love for you to apply.
People at Chorus One come from all walks of life; we believe in the importance of carving out more space for diversity in the tech industry and bringing down barriers to entry in the blockchain space for those underrepresented in the industry. We are aware of the systemic obstacles faced by women, non-binary people, people of color, and other minorities in the workplace, and we are taking active steps to make Chorus One, and the blockchain industry more broadly, a safe, inclusive space where all voices are heard and matter equally.
Here is what we are looking for:
- Functional knowledge of security domains and information security industry standards and best practices
- Experience leading and implementing security frameworks (such as GDPR, ISO 27001, SOC 2) from start to finish
- Demonstrated past experience with controls definition, development, implementation and assessment
- Experience with network security infrastructure, threats and vulnerabilities to networks, and mitigating security threats
- Self-sufficient at planning for and executing pentests and vulnerability scans of Chorus One infrastructure
- Experience with encryption, cryptography and certificate/key management
- Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices
- Strong organizational skills, proactive and self-sufficient with a proven ability to work independently and prioritize deliverables
- Analyze security controls and compliance requirements for relevant security standards and frameworks (ISO 27001 required).
- Ensure timely compliance with data security policies and relevant legal and regulatory requirements by Chorus One.
- Configure and run security tests of Chorus One’s public APIs.
- Monitor and conduct internal audits of the system environment, policies and procedures. Develop and maintain timelines, roadmaps, and lists of required tasks for various teams.
- Document and communicate issues, triage resolution, and escalate as necessary to management and team stakeholders
- Gather suggestions and guidance to help engineers improve existing practices and technologies to align with the organization's risk appetite and ensure regulatory compliance.
- Assist sales in responding to prospect and customer inquiries about Chorus One’s security and compliance posture.
- Create procedural documentation, including training materials or process documentation.
- Autonomy, a friendly and supportive work environment, and the opportunity for rapid growth
- Competitive fixed compensation (USD 80k-120k) + equity
- 3,000 USD yearly budget for training and development
- All-expenses-paid quarterly team retreats at nice destinations. Past retreats took place in Egypt, Serbia, Kenya, USA, South Korea, Dubai and Portugal
- Fully remote work. You can work from where you want
- Unlimited leave
- Brand new laptop
To apply, please submit the following:
- Your CV
- A cover letter
- A 2-3 page document answering the following two questions:
1. Describe the most effective team you have been part of. Why did it function well and where was it limiting itself?
2. What past ISO 27001 and SOC 2 efforts have you been involved with? What was your most impactful contribution towards this effort?