Member of Information & Security at Anchorage Digital

This role is designed for a mid-to-senior level cybersecurity professional with deep expertise in IT risk management and regulatory frameworks (NIST, ISO 27001,

Work type: remote

Location: United States

Type: Full-time

Summary

This role is designed for a mid-to-senior level cybersecurity professional with deep expertise in IT risk management and regulatory frameworks (NIST, ISO 27001, SOC 2). The ideal candidate has a strong grasp of cloud architecture and cryptography, particularly within the fintech or banking sectors. You should be comfortable acting as a technical leader who can translate complex regulatory requirements into actionable security controls while working autonomously in a fast-paced environment. As a fully remote US-based position, this role offers significant flexibility and the chance to work for a high-growth, Series D crypto unicorn. You’ll have a high degree of influence over the global security strategy, moving beyond simple execution to help drive long-term company goals. The company culture is backed by major institutional investors like Goldman Sachs and Visa, offering a stable yet innovative environment at the intersection of traditional finance and digital assets. **You might be a good fit if you:** * Have extensive experience navigating audits and compliance (FFIEC, NYDFS, or MAS). * Are an expert at "connecting the dots" between complex technology and risk mitigation. * Enjoy a mix of high-level strategy and hands-on project management. * Are comfortable working in a startup-like environment that values proactive communication and cross-functional leadership.

Job Description

At Anchorage Digital, we are building the world’s most advanced digital asset platform for institutions to participate in crypto.

Anchorage Digital is a crypto platform that enables institutions to participate in digital assets through custody, staking, trading, governance, settlement, and the industry's leading security infrastructure. Home to Anchorage Digital Bank N.A., the first federally chartered crypto bank in the U.S., Anchorage Digital also serves institutions through Anchorage Digital Singapore, Porto by Anchorage Digital, and other offerings.

The company is funded by leading institutions including Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with its Series D valuation over $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital has offices in New York, New York; Porto, Portugal; Singapore; and Sioux Falls, South Dakota. Learn more at anchorage.com, on X @Anchorage, and on LinkedIn.

As a Member of the Global Information & Security Team at Anchorage Digital, you will have the opportunity to help build and scale a forward-looking security program that not only ensures the security of our data and our client’s digital assets and industry standards, but also meets the necessary regulatory requirements, including but not limited to those established by Gramm–Leach–Bliley Act Safeguards Rule and Federal Financial Institutions Examination Council, New York State Department of Financial Services, and Monetary Authority of Singapore.

You will work on various information security projects and areas such as cybersecurity risk assessments, designing and implementing key internal controls, and compiling reporting and metrics. You are recognized as an expert in cybersecurity and IT risk management and are able to lead projects autonomously and cross-functionally.

You are responsible for identifying and evaluating risk to the company’s Information Security Program and for creating and improving controls to help manage Anchorage Digital’s operational risks in line with regulatory requirements and industry standards. You are also responsible for ensuring these controls continue to perform as expected, without any issues or deviations.

You are capable of contributing to the development of company goals and objectives, expected to help drive the long-term strategy of the Information Security Team. You are a strong contributor and have the ability to significantly contribute to medium-to-large projects and overall Anchorage Digital culture. You not only understand the “why” and the “bigger picture”, but meaningfully contribute to prioritizing the work within the team. Additionally, you will have cross-team exposure and are recognized as a reliable partner who can apply expertise to have significant influence within and outside the team.

We have created the Factors of Growth & Impact to help Villagers better measure impact and articulate coaching, feedback, and the rich and rewarding learning that happens while exploring, developing, and mastering the capabilities and contributions within and outside of the Member of Information & Security role:

## Technical Skills:

• Expert knowledge and wide-ranging experience with the regulatory and industry frameworks/standards/methodologies/technology: NIST 800-53, NIST Cybersecurity Framework, ISO 27001, SOC 1/2, cloud environments, logical security, change management, and computer operations


• Ability to quickly grasp new technologies and systems, articulate related risks, develop and implement appropriate risk mitigating measures, and “connect the dots” between the company’s service offerings and products to the IT/Information Security environment


• Resolves a wide range of issues in creative ways to ensure regulatory requirements are being met, including managing and tracking findings (from risk assessments, audits, etc.) from identification to remediation


• Comprehension of core information security principles in order to reason and continuously improve the core Anchorage Digital security model


• Deep understanding of the IT threat landscape for the industry and cloud environments along with the ability to anticipate any impact on the business with the goal to drive a proactive response


• Excellent project management skills to support stability and successful execution in a very fast moving and cross-functional environment

• Strategically guide the Global Information & Security Team in building and maintaining the overall Information Security and IT Risk Management Program


• Translate IT compliance and risk strategy into functional and actionable plans and guides execution. Accountable for results and implementing solutions with a longer term view that impact multiple functions across Anchorage Digital


• Lead and execute key team projects from start to finish, including but not limited to risk assessments, cybersecurity assessments, requirements mapping, and gap analyses


• Develop meaningful reporting, metrics, analysis, and controls commensurate with business needs and regulatory expectations


• Drive the maturity of the enterprise information security and IT risk management program commensurate with national and international standards (e.g. NIST, FFIEC, ISO, SOC 2)


• Maintain entity controls and identify, report, and control incidents relevant to the services offered by the business lines and supported jurisdictions


• Drive resolution of IT security internal and external audit issues, including developing and implementing management action plans


• Work autonomously, defines priorities under broad direction, and applies problem solving skills to translate regulations and compliance obligations into technical controls, and vice-versa.

• Understanding of enterprise-level information security programs and the ability to maintain a control set and policy framework which satisfies regulatory requirements in an efficient and elegant manner


• Understands how the company’s priorities relate to their own area of work, and clearly communicates the ‘why’ behind the work.


• Engages with other peers to develop methods, techniques and evaluation criteria for projects, programs, and people that have enterprise-wide impact


• Works on complex issues where analysis of situations or data requires an in-depth knowledge of the company


• Stays aware of changes through cross-functional collaboration to anticipate and prevent obstacles from hindering team performance

• Communicates proactively, takes ownership in assigned work/projects, and is comfortable asking questions when something is unclear or to further knowledge in a specific area


• Contributes to cross-functional projects, collaborates with their team and adjacent teams working directly with subject matter experts and doing meaningful translation of compliance requirements into actionable processes


• Builds effective relationships with stakeholders including clients, team managers, cross-functional partners, and external partners. Is engaging, easy to approach and builds appropriate rapport, with diplomacy and tact, and recognized as a technical leader whose knowledge, ideas and critical thinking impact the strategic direction of Anchorage Digital


• Consistently expresses clear, thoughtful, analytical and solutions-oriented communications, whether in high-impact slides/decks, written communications in slack or email, or verbal communications


• Ensure compliance with the changing laws and applicable regulations


• Mentors and guides others on the team within the cybersecurity and cloud security domains

• A background working on programs and the ability to manage multiple processes and projects at once while building constructive working relationships with stakeholders across the different teams,


• A strong understanding of key cloud architecture principles, cryptography, APIs, as well as appropriate enterprise security practices


• Knowledge and experience of Information Security Risk and Security Governance


• Experience with NIST 800-53, NIST Cybersecurity Framework, ISO 27001, SOC 1/2

• You have experience working in start-ups tech and/or fin-tech companies


• You have experience working as information systems auditor or consultant


• You were emotionally moved by the soundtrack to Hamilton, which chronicles the founding of a new financial system. :)

You will work on various information security projects and areas such as cybersecurity risk assessments, designing and implementing key internal controls, and compiling reporting and metrics. You are recognized as an expert in cybersecurity and IT risk management and are able to lead projects autonomously and cross-functionally.

You are responsible for identifying and evaluating risk to the company’s Information Security Program and for creating and improving controls to help manage Anchorage Digital’s operational risks in line with regulatory requirements and industry standards. You are also responsible for ensuring these controls continue to perform as expected, without any issues or deviations.

You are capable of contributing to the development of company goals and objectives, expected to help drive the long-term strategy of the Information Security Team. You are a strong contributor and have the ability to significantly contribute to medium-to-large projects and overall Anchorage Digital culture. You not only understand the “why” and the “bigger picture”, but meaningfully contribute to prioritizing the work within the team. Additionally, you will have cross-team exposure and are recognized as a reliable partner who can apply expertise to have significant influence within and outside the team.

We have created the Factors of Growth & Impact to help Villagers better measure impact and articulate coaching, feedback, and the rich and rewarding learning that happens while exploring, developing, and mastering the capabilities and contributions within and outside of the Member of Information & Security role:

View this job on nocollar jobs