Sr. Manager Governance, Risk, and Compliance
At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs.
If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.
Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for passionate Information Security professionals to build a world class Information Security program. As part of the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.
WHAT YOU’LL DO:
- Act as primary point of contact for EU/UK regulators
- Attend industry events and participate in industry discussions about regulation and frameworks
- Contribute to periodic assessments of Ripple’s IT and Information security risks
- Support and maintain security controls mapped to EU and UK information security and privacy compliance requirements in the Ripple Unified Control Framework
- Lead all aspects of outsourced IT services provided by related entities within the Ripple Group
- Provide periodic updates to Ripple’s Irish and UK Board of Directors on the InfoSec program
- Participate in Information Security and privacy-related audits and examinations conducted by external parties within the EU/UK region
- Assist the InfoSec Governance function to develop and maintain InfoSec Policies, Standards and Procedures relevant to InfoSec and privacy compliance
- Work with the Governance team to prepare metrics and reports for UK/EU management and regulators on the status of InfoSec objectives
- Support the GRC team in evaluating and responding to EU/UK customer/prospect questions and audits
- Remain up to date on current security laws, regulations and standards
- Assist the Sr InfoSec Risk Manager to develop effective remediation plans for control deficiencies relevant to regulations and compliance requirements; perform control testing, and document and communicate results in work papers and written reports for successful certification on an ongoing basis
- Perform security awareness training for employees
- Support all GRC recurring tasks and control related activities within the UK/EU region
- Work collaboratively with Finance, Compliance, Privacy and Legal teams to identify and manage data compliance requirements unique to the EU & UK markets. Make recommendations on improving compliance related processes and/or procedures
- Support regional Security Assurance customer activities, such as assisting in drafting of region-specific security messaging, security due diligence responses, customer security contractual language, etc.
WHAT YOU'LL BRING:
- Degree or equivalent in Computer Science or related field
- 10 years of experience in InfoSec with a specialization in one area of GRC
- A broad understanding of security domains
- Experience working with regulators and auditors
- Experience with electronic money or payments regulatory standards and audits and ITGC Control audits
- Previous approval from the Central Bank of Ireland as a PCF-49
- Proficiency with common information security frameworks including PSD2, ISO 27001, GDPR, MiCA, SOC2, and NIST CSF
- Demonstrated ability to collaborate across teams
- Proven organizational, project management and documentation skills
- Familiarity and experience with IT/Security/GRC toolsets, such as Jira, Confluence, and other GRC platforms
- Ability to analyze empirical evidence and technical reports, identify root causes, and work with teams to determine solutions to remediate gaps
- Familiarity with different cloud concepts and tooling, including AWS and GCP
- Someone willing to adapt to change in a fast-paced environment
- Experience with cloud-native pre-IPO startup companies
- Experience with AWS security services and tooling
- Desirable certifications: CISSP, CISA, PMP
WHO WE ARE:
Do Your Best Work
- The opportunity to build in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact. A professional development budget to support other modes of learning.
- Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
- Ripple is Flexible First: you have the option to work from home, from our offices, or a combination of the two around our centers of gravity (15 global offices).
- Weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
- We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!
Take Control of Your Finances
- Competitive salary, bonuses, and equity
- Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
- Employee giving match
- Mobile phone stipend
Take Care of Yourself
- Twice a quarter R&R days so you can rest and recharge
- Generous wellness reimbursement and weekly onsite & virtual programming
- Generous vacation policy - work with your manager to take time off when you need it
- Industry-leading parental leave policies. Family planning benefits.
- Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events
Benefits listed above are for full-time Ripple employees. For all Metaco roles, please discuss benefits with your recruiter.