Senior Information Security Process Analyst

  • Xapo
  • San Francisco, CA, USA
  • Jun 29, 2018
Full time Risk Security

Job Description


At Xapo, the largest custodian of Bitcoin in the world, we offer the convenience you would expect from an online checking account with the high tech security of our Bitcoin vault. Our business is growing fast, and we want to make sure we can keep providing the best quality support to our customers. We are looking for an experienced Information Security Process Analyst who can actively contribute to a challenging, technological work environment.



  • High-level coordination and communication across various business units, overseeing operational execution of Global IT Security Policies, and ensuring regulatory IT Security compliance requirements are being met

  • Act as an Information Security liaison with US Regulators and Authorities

  • Enforcement and validation of Global information security policies, standards and procedures

  • Assess IT general controls and/or application layer security controls to ensure compliance with XAPO Global Information Security policies, international standards, best practices and regulations, especially in the US

  • Deep understanding of business processes and technology used within the areas to ensure compliance with regulatory requirements and the XAPO Information Security Policy and applicable procedures, processes and standards

  • Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements

  • Ensure users understand and adhere to policies and procedures, including implementation and enforcement of an Information Security awareness program

Some Perks of working with Xapo


Absolute autonomy

Working as part of a global team

Learning from Silicon Valley’s brightest


  • 5 years or more as an auditor or in audit departments

  • Proven experience in SOC1/2 Reports and ISO 27001 Certification, Information Security controls - Big 4, Consulting or IT internal audit experience.

  • Information Security certification such as CISSP, CISSM, CRISC, CISA or equivalent desirable.

  • Deep understanding of, and experience implementing, policies for Data Privacy and Security controls for protection of Personal Data and Personally Identifiable Information

  • Privacy regulations and security compliance requirements affecting Global financial institutions (i.e. GDPR)

Additional Skills

Knowledge in various cybersecurity areas such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, Physical Security and/or Business Resiliency

Good written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.

Strong analytical, problem-solving, organizational, documentation and time management skills, and attention to detail

Good analytical and problem-solving skills coupled with thoroughness and attention to detail are highly desired

Ability to optimize and condense information and transform data into easily understandable concepts

Technical skills in MS Excel, PowerPoint, Word, and Project

Fluent in English

A second language is ideal, preferably Spanish, but not a requirement