About Celsius Network
Celsius addresses the financial needs of today’s consumers worldwide through a democratized interest income and lending platform accessible via mobile and desktop app. With a mission to put unparalleled economic freedom in the hands of the people, and a core belief that financial services should only do what is in the best interests of the community, Celsius is a modern earning and lending platform where membership provides access to curated financial services that are not available through traditional financial institutions. Crypto holders can earn yield on the digital assets in their account with Celsius, and can borrow fiat or stablecoins against their crypto collateral at the lowest interest rates in the space.
The Celsius team is committed to doing good and doing well. We believe in the power of disruption and the importance of decentralization to create a new system that acts in the best interest of everyone. Each member of our team brings something unique and innovative to the table, but the common thread that links us together is our passion for blockchain, equality, and leading the next financial revolution that changes the equation to bring power back to the people.
Position: Security GRC Specialist and Architect
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances Celsius’ business objectives.
- Review and update documentation for policies, procedures, standards and guidelines.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves Celsius’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Implements processes, to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
- Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Defines and documents business process responsibilities and ownership of the controls in GRC tool. Schedules regular assessments and testing of effectiveness and efficiency of controls and creates reports.
- Assists other staff in the management and oversight of security program functions.
- Conduct Vendor’s assessment process and help to lead and define overall third-party risk management efforts.
- Define and review architectural needs and priorities as a part of different security projects.
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
- Evaluate and update and/or revise program materials;
- Learn quickly and apply knowledge to new situations;
- Handle sensitive and confidential matters, situations, and data;
- Understand and follow broad and complex instructions;
- Interact positively with staff, the Board, and regulatory agencies in order to enhance effectiveness and to promote quality service;
- Comprehend technical language and to confer, analyze and write in an objective, lucid manner;
- Work independently and prioritize multiple tasks and adapt to needed changes;
- Remain calm under high pressure/difficult situations.
Apply here 👉 Security GRC Specialist and Architect job