Senior Security Analyst (Governance, Risk, and Compliance) 

InfoSec · New York, New York
Department InfoSec
Employment Type Full-Time
Minimum Experience Experienced

Senior Security Analyst (Governance, Risk, and Compliance) 

Job Description


About Uphold


One of the fastest-growing fintech companies, Uphold is pursuing a mission to democratise investments and payments for people and companies worldwide. Founded in 2014, the Silicon Valley firm today has more than 3 million customers in over 150 countries and has enjoyed more than 2MM Mobile App downloads during the first quarter of 2020. A bridge between old and new money systems, Uphold allows people to buy, exchange and send more than 100 cryptocurrencies, precious metals, equities, and currencies instantly. An engineering-led company, Uphold provides a stimulating and challenging home for the brightest and best coding talent.


If you’re a Rockstar and this sounds interesting and challenging, we want to hear from you. Apply here!


The opportunity: 


Uphold is looking for a Senior Security Analyst in Governance, Risk and Compliance to join our Information Security team.  This is an incredibly exciting opportunity where you’ll get to help assess Uphold's Information Security risks as well as guide and support the design of security and privacy controls within the context of global regulatory frameworks. The position will also help manage these risks and compile these controls in supporting documentation and explain them to internal and external stakeholders. This role requires a mix of broad business and technical know-how along with a polished ability to communicate with members of the team and their cross functional partners. 


What you’ll be doing primarily:


  • Drive, guide, and facilitate the implementation and remediation of technical security controls required by the Federal Trade Commission, Sarbanes-Oxley, ISO27001, SOC2, Payment Card Industry Data Security Standard (PCI DSS), regulations governing personally identifiable information (PII), other applicable regulatory compliance frameworks.
  • Drive the development, implementation, and mapping of security controls to standard.
  • Ensure requirements and controls are correctly and timely identified, mapped, tracked, and reported for the organization, aiding in compliance efforts related to regulatory, legal, and security frameworks. 
  • Develop and maintain system security documentation, including drafting, reviewing, editing and recommending guidance.
  • Develop and review system security authorization documentation such as security plans, risk assessments, and security control test reports.
  • Assist in the development and implementation of risk management of the information security program to ensure information security risks are identified and monitored.
  • Analyze risk and support risk assessment activities
  • Understand technical implementation details necessary to assess security controls
  • Assist with aligning and codifying controls to show how they are mitigating information security risk.
  • Participate in the development and oversight of required corrective action plans relating to security compliance issues
  • Identify, research, and evaluate new compliance requirements and present them to relevant stakeholders
  • Partner with team members to ensure successful security programs align with compliance and auditing requirements.


Required qualifications:


  • 7+ years of relevant experience
  • 4-year degree preferred
  • Knowledge of industry authoritative sources such as ISO, PCI, SOC2, NIST, GDPR, CCPA and COBIT standards.
  • Prior experience implementing  ISO27001 and SOC2 frameworks.
  • Ability to develop security standards and guidelines based on best practices and industry standards
  • Passion for Information Security Governance and Risk 
  • Experience with analyzing data to surface meaningful information
  • Experience with project management
  • Experience with applying security controls to an IT environment and gathering evidence of those controls preferred.
  • Demonstrated leadership skills including the ability to identify and manage your own work and interface effectively with individuals across various levels to get that work done.
  • Fluent written and oral English skills.


Bonus if you have:


  • Candidates who have industry recognized security certifications strongly preferred (e.g. CISSP, CISA, CISM, CEH, etc.) 
  • Experience in the financial services sector; Cryptocurrency Industries 
  • Knowledge of blockchain technology
  • Experience auditing and working with cloud infrastructure.


Importantly, if you’re looking for a senior role with us, you will have achieved many of the things above while also providing mentorship to others, and have engaged in public speaking opportunities.


What we have to offer you:


  • An amazing work environment in a company that continues to grow, driven by extraordinary and passionate people that keep up innovating and challenging more each day.
  • An international team, in a cutting-edge field, working on the most fascinating projects.
  • Growth and career opportunities, and the chance to be proactive and creative.
  • A flexible and enthusiastic work environment that offers you snacks, a lot of coffee, and other great benefits.
  • Open and transparent culture - we get together on a weekly basis to share updates, strategic plans and engage with each other informally over food and drinks.
  • Interesting events that keep you connected with the team and celebrate our success.


Be part of a great company that is revolutionizing the financial services. Apply now {insert the link to the job opening in BambooHR}!


If this job isn’t exactly what you are looking for, visit our careers page to check out all our exciting opportunities.  


EEOC Employer


We're proud to be an Equal Opportunity Employer and we celebrate our employees' differences, including race, color, religion, gender identity, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, and any other protected classes. Difference makes us stronger and better - together.



Thank You

Your application was submitted successfully.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

  • Location
    New York, New York
  • Department
    InfoSec
  • Employment Type
    Full-Time
  • Minimum Experience
    Experienced