Sr GRC Risk Manager

Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for a passionate Information Security leader to build a world class Information Security program. As a leader on the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.

In this role, you will specialize in one of the following areas and participate in the other areas while we continue to build out a world-class Governance, Risk and Compliance Team.

Under the general direction of the Director of Governance, Risk and Compliance, the role is responsible for design and implementation of controls to build and enhance the Governance, Risk and Compliance program.

WHAT YOU’LL DO:

Risk

  • Perform Annual Risk Assessment (NIST 800-53/ISO 27001) 
  • Perform periodic issue-specific assessments (e.g. specific environments, technologies, geographies, new ventures)
  • Creation of metrics informing leadership of issues resulting from risk analysis and establishing potential solutions that are appropriate for the business and system architecture.
  • Consultative guidance and oversight to cross-functional teams and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Work closely within the InfoSec Team to detect potential security weaknesses and develop creative ways to address challenges unique to the business and systems architecture.
  • Maintains updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO 27001, GDPR, SOX, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly establish, evaluate, and report on technology risk levels at the project and enterprise level.
  • Effectively engages stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Create, maintain, enforce, and track the Information Security exception process
  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.
  • Assist in selecting, configuring and/or administering program via GRC tools

WHAT WE’RE LOOKING FOR:

  • Degree or equivalent in Computer Science or related field
  • 10 years of experience in Information Security with a specialization in one area of GRC 
  • Co-create and help articulate Information Security strategy across the company
  • A broad understanding of all security domains, CISSP or similar certification preferred
  • Experience working with engineering teams to understand issues and prioritize remediations
  • Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
  • Demonstrated ability to collaborate effectively across teams 
  • Familiarity and experience with IT/Security/GRC toolset, such as: Jira, Confluence, Whistic, GRC platforms, risk ratings tools, data collection tools
  • Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion. 
  • Familiarity with different cloud concepts and tooling including AWS, GCP (certification preferred)
  • Experience in a remote-first and distributed environment
  • Someone willing to adapt to change in a fast-moving environment
  • Experience with cloud-native pre-IPO startup companies
  • Experience with AWS security services and tooling
  • Mentoring less experienced team members

WHAT WE OFFER:

  • The chance to work in a fast-paced start-up environment with experienced industry leaders
  • A learning environment where you can dive deep into the latest technologies and make an impact
  • Competitive salary and equity
  • 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
  • 401k (with match), commuter benefits
  • Industry-leading parental leave policies
  • Generous wellness reimbursement and weekly onsite programs
  • Flexible vacation policy – work with your manager to take time off when you need it
  • Employee giving match
  • Modern office in San Francisco’s Financial District
  • Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
  • Weekly company meeting – ask me anything style discussion with our Leadership Team
  • Team outings to sports games, happy hours, game nights and more!