Senior Security Analyst

  • Circle
  • Remote, OR 97458, USA
  • Sep 12, 2020

Job Description

Circle is a global financial technology firm that enables businesses of all sizes to harness the power of stablecoins and public blockchains for payments, commerce and financial applications worldwide. Circle's platform has supported over 100 million transactions worth tens of billions of dollars, with nearly 10 million retail customers, over a thousand businesses, while storing and securing more than $5 billion in digital currency assets. Circle is also the creator of USD Coin (USDC), the fastest growing, regulated, fully-reserved stablecoin, which now stands at a 1.5 billion market cap and is adding more than 100 million net new digital dollars in circulation every week. Today, Circle's transactional services, business accounts, and platform APIs are giving rise to a new generation of financial services and commerce applications that hold the promise of raising global economic prosperity for all through programmable internet commerce.

What you'll be part of:

With the mission To raise global economic prosperity through programmable internet commerce, Circle was founded on the belief that blockchains and digital currency will rewire the global economic system, creating a fundamentally more open, inclusive, efficient and integrated world economy. We envision a global economy where people and businesses everywhere can more freely connect and transact with each other with new technologies for digital money. We believe such a system can raise prosperity for people and companies everywhere.

In 2020, Circle unveiled Circle APIs : a set of solutions and smarter technology to help businesses accept payments in a more global, scalable and efficient alternative to traditional banking rails (spoiler: we're using USD Coin under the hood).

Over the next 12 months, we're going to rapidly grow our API customer base and enable even more businesses to easily integrate and benefit from the breakthrough of programmable money on the internet.

You will aspire to our four core values:
  • Multistakeholder - you have dedication and commitment to our customers, shareholders, employees and families and local communities.
  • Mindful - you seek to be respectful, an active listener and to pay attention to detail.
  • Driven by Excellence - you are driven by our mission and our passion for customer success which means you relentlessly pursue excellence, that you do not tolerate mediocrity and you work intensely to achieve your goals.
  • High Integrity - you seek open and honest communication, and you hold yourself to very high moral and ethical standards. You reject manipulation, dishonesty and intolerance.

Security at Circle:

The Circle Security Team works to protect Circle; our customers, clients, and partners; and the financial markets upon which we rely. The security team leads the company's programs for information security and cybersecurity, business continuity, vendor risk management, and privacy.

As a member of this team, you'll be responsible for designing and testing key security controls both independently and collaboratively across Circle teams. You will continue to learn and stay current in a fun and rapidly changing environment.

What you'll work on:
  • Work collaboratively with internal stakeholders to design and test IT general controls
  • Support the success of SOC 1, SOC 2, and financial audits
  • Conduct risk assessments and perform controls design reviews for Circle's business processes, new initiatives, and third party partners and vendors
  • Design key controls to mitigate assessed risk based on Circle's business requirements and risk tolerance
  • Use industry standards such as the NIST CyberSecurity Framework and ISO 27002 to ensure comprehensive control coverage
  • Document control narratives for use by both internal and external constituents
  • Design and execute control tests to verify operating effectiveness and monitor control performance
  • Own and build relationships with key external stakeholders such as customers, vendors, and auditors
  • Support independent auditors with knowledge transfer of control narratives and evidence collection
  • Produce data-based reports on the comprehensiveness and effectiveness of IT general controls
  • Drive continuous improvement around control operating effectiveness

What you'll bring to Circle:
  • Enthusiasm for scalable, reproducible security and risk management
  • Self-motivated and creative problem-solver able to work independently with minimal guidance
  • Ability to manage multiple competing priorities and use good judgement to prioritize on the fly
  • Attention to detail
  • Experience with SOC 1, SOC 2, and financial audits
  • Experience designing controls that are easy to test and audit, designing automated control tests, and designing control tests for Agile and CI/CD environments
  • An understanding of standards such as ISO 27001/27002, the NIST Cybersecurity Framework and the PCI DSS desirable
  • Familiarity with cloud computing environments such as AWS and Google a plus
  • Experience working in financial services or financial technology a plus
  • Experience working with GRC platforms such as Archer, MetricStream, or ProcessUnity a plus
  • Three or more years of experience building and testing IT general controls or as an IT auditor.
  • Bachelor's degree in computer science, business administration or related field. Equivalent experience also accepted
  • Certifications such as CISA, CISM, CISSP or similar will receive favorable consideration but are not required

If it feels rewarding to see your work scale through automation, are interested in building something meaningful, and would love to work in an entrepreneurial environment, we can't wait to hear from you.

We are an equal opportunity employer and value diversity at Circle. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.