Security Governance and Risk Specialist

About Us

Chainlink Labs is the primary contributing developer of Chainlink, the decentralized computing platform powering the verifiable web. Chainlink is the industry-standard platform for providing access to real-world data, offchain computation, and secure cross-chain interoperability across any blockchain. Chainlink Labs helps power verifiable applications for banking, DeFi, global trade, and gaming by collaborating with some of the world’s largest financial institutions, notably Swift, DTCC, and ANZ. Chainlink Labs also works with top Web3 teams, including Aave, Compound, GMX, Maker, and Synthetix. Chainlink Labs was ranked in Newsweek’s 100 Most Loved Workplaces 2023 in both the United States and United Kingdom.

The Security Team

The security department is the guardian of Chainlink Labs’ people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.

As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.

The Role

We are seeking a highly motivated and experienced Security Governance & Risk Specialist to join our Security Assurance team. You will be responsible for establishing security governance committee structure, executing security risk assessments processes and maintaining an up-to-date risk register, while working closely with stakeholders in remediating the gaps identified in the assessment. Also, you will be contributing to part of the security compliance requirements. The ideal candidate should have a proven track record of working on complex engineering, security and operations projects and initiatives with strong technical background.

• Assist in the development, maintenance and implementation of security policies, standards, and procedures to guide the organization's security practices.
• Establish security governance frameworks such as ISO 27001, NIST , COBIT or other relevant standards
• Assist in the development and execution of security risk assessment process, including documentation and implementation of risk treatment.
• Maintain a risk register to document and track identified risks and associated mitigation efforts.
• Develop and implement risk mitigations strategies and controls to address the identified security risks
• Define and track key performance indicators (KPIs) and metrics to measure the effectiveness of security controls and governance processes.
• Prepare and present security reports to senior management, highlighting risks, incidents, and compliance status.
• Conduct comprehensive third-party risk assessment of potential and existing vendors to evaluate their security posture in collaboration with Finance and Legal teams.
• Assist in completing security due diligence questionnaires from potential customers.
• Automate and implement risk management tools to support the security risk assessment process.
• Engage in team-building events, community engagement, team off-sites, peer-review & management review cycles and activities

• With education or experience in the Information Security field
• At least 3 years of experience in Security Governance and Risk function with ability to run end to end security risk management process
• Experience working in fast paced technology or Web 3 companies
• Experience in building enterprise and security risk management process to satisfy ISO and SOC2 requirements
• Strong technical background working on complex engineering, security and operations projects and initiatives
• With one or more of these certifications - CISSP, CISM, CRISC, AWS/Azure/CGP security, ISO 27001 Lead Auditor or Implementer, FAIR etc.
• Strong communication skills, in particular around objectively measuring risk.

• Security risk management experience in Web3 space
• Experience working in cybersecurity practice at one of the big 4 audit firms
• Experience in implementing Security GRC tool
• Ability to develop and implement strategies to mitigate the identified security risk

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).

Commitment to Equal Opportunity

Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.