Careers

Senior Information Security Risk Analyst

Bulgaria · Full-Time · Security

What do we do and who are we?

We are the leading crypto lender that has built its reputation in the blockchain world with its signature Instant Crypto Credit Lines™ and Earn Interest products. Nexo has processed $30B+ for a continually growing 1M+ user base from 200+ jurisdictions around the globe.

We live and breathe solving complex problems for our user base, and we have the customer reviews to show for it. We’ve zeroed in on solving real issues for our users and found a great product-market fit. The result is a business that has been profitable from Day 1 and has distributed close to $10M in dividends to date.

We are on a mission to build the next generation of infrastructure that will enable millions of people to ditch the traditional banking rails and move to a world of financial freedom and great UX. Nexo’s team consists of builders and problem solvers who sacrifice short-term profits for the benefit of its users.

Nexo’s team is regularly featured on Bloomberg and CNBC to comment on pressing blockchain issues such as the Tether stablecoin, Facebook’s Libra, Tokenized Gold, and Bitcoin.

We are looking to hire a professional to join Nexo’s growing team as a Senior Information Security Risk Analyst.

Key Responsibilities:

  • Responsible for creating and/or maintaining security standards and procedures
  • Identify risks and ensure IT controls and operational processes are in place to mitigate identified risks
  • Promote an efficient and secure IT environment in alignment with present and future cyber risks
  • Develop and maintain a comprehensive risk assessment process which will include an internal risk register to track all technology risk
  • Develop appropriate reporting for management and track remediation to completion
  • Own and manage the third-party risk assessment process
  • Responsible for maintaining applicable Information Security policies and standards and aid in the Data Governance program

Requirements:

  • Ability to support Information and Technology risk taxonomy development and implementation, including development of risk appetite, key risk indicators and key performance indicators
  • Experience developing an enterprise risk reporting capability, and ability to coordinate information technology risk status and updates to the direct line of management
  • Experience assisting and coordinating third-party security assessments and audits
  • 3 to 5 years’ experience leading and performing periodic audits of information technology procedures and technology implementation to confirm compliance with regulatory standards, contractual agreements, and enterprise policy
  • Experience independently updating corporate security policies, standards, procedures, and plans, and identifying opportunities to improve efficiency
  • Experience facilitating input to and documenting IT processes, risks, and controls in a GRC solution
  • Experience developing and documenting security incident reporting processes and procedures
  • Experience participating in coordinating and documenting incident reporting and response, and facilitating reporting to stakeholders
  • Experience leading or providing substantial support to the development and delivery of information and technology risk training material
  • Demonstrated proactive and self-motivated work ethic
  • Candidates need to pass the polygraph prior to their start

Other desired skills:

  • Bachelor’s Degree in computer programming, management information systems or another computer-related field preferred. Will consider a combination of education and computer/IT skills developed through progressively responsible positions in technology or consulting roles
  • Experience with security and privacy domains as well as frameworks and standards such as COBIT, ISO 27001, PCI-DSS, etc.
  • Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Security Professional (CISSP) preferred
  • Knowledgeable about IT audit best practices

What do we offer?

  • Opportunity to solve problems for a global diverse base of customers on a massive scale
  • Competitive salary
  • Flexible working conditions
  • Bonus Options available in Nexo tokens


Benefits

Bonuses and benefits for the Nexo team

Hybrid work

An office near the centre of Sofia, the option to work from home, or a combination of the two.

Time off and activities

25 days of annual leave, frequent get-togethers in and out of the office, and two team-building events a year.

Online training

Access to online training on Udemy and other platforms.

Bonuses

Additional performance-based pay and an annual dividend.

Health insurance

Supplementary health insurance from UNIQA.

Numerous discounts

Discounts at restaurants, on computer equipment, and more.

Multisport

A Multisport card covering a variety of activities.

Parking

Parking next to the office.

Food in the office

Tea, coffee, fruit, nuts, and other healthy foods and drinks.

Massages

Massages at the workplace.

Electric bikes

Electric bikes for the team.