Regional Information Security Senior Analyst

Job Description

Building the Future of Crypto

Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.

What makes us different

Kraken is a mission-focused company rooted in crypto values. As a Krakenite, youll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Krakens focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.

Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission. We also expect candidates to familiarize themselves with the Kraken app. Learn how to create a Kraken account here.

As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Desktop, Wallet, and Kraken Futures.

Become a Krakenite and build the future of crypto!

Proof of work

The team

We are seeking a highly capable Senior Analyst to support regional information security, operational resilience, and business continuity initiatives across the UAE and European regions. This role is instrumental in ensuring compliance with applicable laws and frameworks, including MiCA, DORA, ISO27001, and UAE SCA regulations.

The analyst will work closely with the Group Security and IT teams, contributing to global security frameworks and ensuring consistent implementation of regional requirements. The position focuses on risk assessments, business impact analysis, control testing, audit preparation, and regulatory reportingwhile providing tactical support to the RISO function.

• Prepare, contribute and report to regional risk governance and board committee meetings, highlighting control status, risk exposure, and readiness.
• Execute risk assessments and control testing across UAE operations in line with SCA cybersecurity guidelines and security best practices.
• Maintain and review Business Impact Assessments (BIA), integrating findings into global resilience planning.
• Contribute to Business Continuity Plan (BCP) documentation, testing, and updates, including entity-specific scenarios.
• Collaborate with Group Security and IT to:
• Align UAE-specific regulatory controls with global policies and control frameworks.
• Contribute to the development of security policies to meet international and UAE compliance requirements.
• Conduct security control validation and document evidence for internal/external audits.
• Participate in remediation planning for audit findings and track progress to closure.
• Support the RISO in preparing and submitting regulatory documentation to regulators.
• Prepare and present security and resilience reports for internal governance committees and local entity management.
• Assist in responses to regulatory examinations, including due diligence and compliance queries.
• Liaise with compliance and legal teams to interpret regulatory changes and propose control adaptations.
• Participate in the regional incident response process, assist with post-incident reviews, and support continuous improvement activities.
• Coordinate with cross-functional stakeholders to embed security requirements into operational processes.

• 5+ years of experience in Information Security, IT risk management, or compliance.
• Strong understanding of financial cybersecurity frameworks, ISO27001, NIST, and DORA frameworks.
• Experience supporting BCP/DR planning and operational resilience assessments.
• Excellent communication, stakeholder management, and technical documentation skills.
• Security certifications such as CISSP, CISM, CRISC, ISO27001 Lead Implementer, or CBCP are highly desirable.

This job is accepting ongoing applications and there is no application deadline.

Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.

We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.

We encourage you to apply for roles where you don&apost fully meet the listed requirements, especially if you&aposre passionate or knowledgable about crypto!

As an equal opportunity employer, we dont tolerate discrimination or harassment of any kind. Whether thats based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.

Stay in the know

Follow us on Twitter

Learn on the Kraken Blog

Connect on LinkedIn