Security Assurance Specialist

About Chainlink
Chainlink is the industry-standard oracle platform bringing the capital markets onchain and powering the majority of decentralized finance (DeFi). The Chainlink stack provides the essential data, interoperability, compliance, and privacy standards needed to power advanced blockchain use cases for institutional tokenized assets, lending, payments, stablecoins, and more. Since inventing decentralized oracle networks, Chainlink has enabled tens of trillions in transaction value and now secures the vast majority of DeFi.

Many of the world's largest financial services institutions have also adopted Chainlink's standards and infrastructure, including Swift, Euroclear, Mastercard, Fidelity International, UBS, S&P Dow Jones Indices, FTSE Russell, WisdomTree, ANZ, and top protocols such as Aave, Lido, GMX and many others. Chainlink leverages a novel fee model where offchain and onchain revenue from enterprise adoption is converted to LINK tokens and stored in a strategic Chainlink Reserve. Learn more at

The Security Team
The security department is the guardian of Chainlink Labs' people and infrastructure. Its principal objective is to safeguard Chainlink Labs and its assets against potential threats from any external or internal source. This mission is accomplished through a combination of specialized security engineering, the deployment of cutting-edge technologies, forward-thinking policy development, and the training of highly skilled, security-aware personnel throughout the entire organization.

As an indispensable component of the larger organization, the team seeks to promote a widely understood culture of security, safeguarding our most valuable assets while remaining agile and accessible to all employees and the community.

As a Security Assurance Specialist, you will be responsible for assisting in the implementation of key security requirements across the business. You will build and maintain Security Control Frameworks and conduct periodic testing of security controls. You will conduct third-party risk reviews in collaboration with the procurement, legal, and finance teams. You will also assist in identifying, documenting, and managing remediation of risks identified to the business.

This role is also a career-defining opportunity, as you will be a part of a fast-growing tech company that is successfully implementing a key piece of the world's blockchain infrastructure designed to power the digital agreements of the future.

As a Security Assurance Specialist, you will be responsible for strengthening the company's compliance posture, ensuring audit readiness, and driving automation across all security controls. You will play a key role in bridging compliance requirements with scalable technical solutions while enabling teams across the business.

Key Responsibilities

• Lead Compliance Programs & Audits

• Manage end-to-end compliance initiatives (e.g., SOC 2, ISO 27001)

• Serve as the primary liaison with external auditors, internal auditors, and internal stakeholders to ensure successful audit outcomes.

• Drive timely collection, validation, and submission of audit evidence.

• Design & Automate Controls

• Assess current manual controls and partner with Engineering and Security teams to implement automated, technology-driven compliance controls.

• Build and maintain continuous monitoring dashboards to provide real-time visibility into compliance posture.

• Collaborate with tooling teams to integrate compliance checks into internal systems.

• Enablement & Cross-Functional Partnership

• Build strong relationships with Engineering, Security, Legal, People, Finance and Product teams with the goal of embedding compliance into daily workflows.

• Provide guidance to control owners and business units to ensure ownership, accountability, and audit readiness.

• Continuous Improvement

• Benchmark and improve the company's compliance program against industry best practices (NIST, CIS, CSA, ISO, DORA etc.).

• Identify opportunities to reduce manual effort and increase the scalability of compliance activities.
• Stay current with regulatory changes, industry trends, and emerging compliance automation solutions.

Requirements

• Minimum 5+ years of experience in Security Assurance, Security GRC, or a related compliance/security function.
• Proven expertise in security risk assessments, security controls testing and automation.
• Strong knowledge of industry standards and regulatory frameworks (ISO 27001, SOC 2, NIST).
• Experience in implementing, monitoring, and automating security controls aligned with recognized frameworks.
• Skilled in assessing, tracking, and reporting on control deficiencies, and driving timely remediation.
• Solid understanding of technology environments including applications, infrastructure and SaaS
• Ability to translate compliance requirements into technical control implementations and automated processes.
• Proficiency in documenting processes, procedures, and system requirements to improve efficiency and assurance outcomes.
• Comfortable collaborating directly with engineers to embed compliance and assurance into daily workflows.
• Strong analytical and problem-solving skills, with the ability to interpret complex requirements and design practical solutions.
• Excellent written and verbal communication skills; able to engage effectively with stakeholders at all levels, from engineers to executives.
• Detail-oriented with the ability to manage multiple priorities and deliver high-quality work under deadlines.
• Collaborative and proactive, with a passion for continuous improvement and scaling security assurance processes.
• Industry certifications such as CISSP, CISA, ISO 27001 Lead Implementer are a strong plus.

Desired Qualifications

• Blockchain and Web3 knowledge/experience is a plus, along with enthusiasm to engage with emerging technologies.
• Education or experience in the Information Security field
• Certification in any of the following: CISSP, CEH, CRISC, AWS/Azure/CGP security, ISO 27001 Lead Auditor or Implementer, FAIR etc.
• Experience in implementing security awareness and training programs for engineering teams
• High sense of ownership, urgency, and drive, as well asthe ability to collaborate cross-functionally
• Excellent project management and relationship management skills

All roles with Chainlink Labs are global and remote-based. Unless otherwise stated, we ask that you try to overlap some working hours with Eastern Standard Time (EST).
We carefully review all applications and aim to provide a response to every candidate within two weeks after the job posting closes.
The closing date is listed on the job advert, so we encourage you to take the time to thoughtfully prepare your application.
We want to fully consider your experience and skills, and you will hear from us regarding the status of your application shortly after the closing date.
Commitment to Equal Opportunity
Chainlink Labs is an equal opportunity employer. All qualified applicants will receive equal consideration for employment in compliance with applicable laws, regulations, or ordinances. If you need assistance or accommodation due to a disability or special need when applying for a role or in our recruitment process, please contact us via this form.

Global Data Privacy Notice for Job Candidates and Applicants
Information collected and processed as part of your Chainlink Labs Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.