Senior Security Analyst

About this job

Compensation: Equity
Location options: Remote
Job type: Full-time
Experience level: Senior
Role: Embedded Developer
Industry: Banking, Bitcoin, Cryptocurrency
Company size: 51-200 people
Company type: Private


security, soc, iso

Job description


Xapo is a leading bitcoin wallet, and we have a mission to bring bitcoin to the everyday lives of people across the world.

Our business is growing fast, and we want to make sure we can keep providing the best quality support to our customers. We’re known for our fast responses to users, a positive attitude, and a real desire to find the best working solutions for the people who chose to use Xapo’s products and services.

Do you see yourself working with smart people in a collaborative, fast-paced, environment using the latest technologies? Have you always dreamed about working for a tech startup where you can apply your great talents and continue to learn and grow throughout your career? If you answered “Yes” to all of these questions then Xapo is the place for you!

This full-time position is planned to be remote, meaning you can work from anywhere in Europe or in the United States!


  • High-level coordination and communication across various business units, overseeing operational execution of Global IT Security Policies, and ensuring regulatory IT Security compliance requirements are being met.

  • Enforcement and validation of Global information security policies, standards, and procedures.

  • Assess IT general controls and/or application layer security controls to ensure compliance with XAPO Global Information Security policies, international standards, best practices, and regulations, especially in the European Union (GDPR, the new Data Privacy Regulation in the EU).

  • Deep understanding of business processes and technology used within the areas to ensure compliance with regulatory requirements and the XAPO Information Security Policy and applicable procedures, processes, and standards.

  • Identify and evaluate technology risks internally and/or at third parties, internal controls which mitigate risks, and related opportunities for internal control improvements.

  • Ensure users understand and adhere to policies and procedures including the implementation and enforcement of an information Security awareness program.

  • 5 years or more as an auditor or in audit departments.

  • Proven experience in  SOC1/2 Reports and ISO 27001 Certification, Information Security controls - Big 4, Consulting or IT internal audit experience.

  • Have understanding or work experience with GDPR, the new Data Privacy Regulation in the EU.

  • Information Security certification such as CISSP, CISSM, CRISC, CISA or equivalent desirable.

  • Deep understanding and experience on the implementation of Policies for Data Privacy and Security control for the protection of Personal Data and Personally Identifiable Information.

  • Privacy regulations and security compliance requirements affecting Global financial institutions (i.e. GDPR).

  • To be located in Europe.


- Knowledge in various cybersecurity areas such as Identity and Access Management, Threat and Vulnerability - Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response, and Security Strategy, Physical Security and/or Business Resiliency.

- Good written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.

- Strong analytical, problem solving, organizational, documentation; time management skills and attention to details.

- Good analytical and problem-solving skills coupled with thoroughness and attention to detail is highly desired.

- Ability to optimize and condense information and transform data into easily understandable concepts.

- Technical skills in MS Excel, PowerPoint, Word, and Project.

- Fluent in English. Speak a second language ideal, preferably Spanish, but not a requirement.

Some Perks of working for Xapo:

  • Attractive compensation.

  • Great remote-work environment.

  • Work completely remote.