Information Security Manager, Compliance
RippleRipple is the leading provider of crypto solutions for businesses. Learn how we’re helping organizations of all sizes drive impact with the power of crypto.
At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs.
If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.
Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for passionate Information Security professionals to build a world-class Information Security program. As part of the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.
WHAT YOU’LL DO:
- Examine, evaluate, and document internal controls based on various security standards (NIST CSF, MAS, ITGC, SOC2, ISO-27001, etc.)
- Lead IT-related audits and examinations conducted by external parties
- Align policies, standards and procedures with compliance objectives
- Prepare metrics and reports for management on the status of GRC objectives
- Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
- Remain up to date on current security laws, regulations and standards
- Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested
- Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
- Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement.
- Perform GRC recurring tasks as required
- Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
- Assist in selecting, configuring and/or administering program via GRC tools
- Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
- Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms
WHAT YOU'LL BRING:
- Degree or equivalent in Computer Science or related field
- 7 years of experience in Information Security with a specialization in one area of GRC
- A broad understanding of security domains
- Experience working with engineering teams to understand issues and prioritize remediations
- Experience with Money Transmitter License (MTL) regulatory standards and audits and ITGC Control audits
- Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
- Demonstrated ability to collaborate effectively across teams
- Demonstrated organizational, project management and documentation skills
- Familiarity and experience with IT/Security/GRC toolset, such as : Jira, Confluence, integrated GRC platforms etc.
- Ability to analyze empirical evidence and technical reports, identify root causes, work with teams to identify solutions to remediate gaps.
- Familiarly with different cloud concepts and tooling including AWS, GCP
- Experience in a remote-first and distributed environment
- Someone willing to adapt to change in a fast moving environment
- Experience with cloud-native pre-IPO startup companies
- Experience with AWS security services and tooling
- Desirable certifications: CISSP, CISA, PMP
WHO WE ARE:
Do Your Best Work
- The opportunity to build in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact. A professional development budget to support other modes of learning.
- Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
- Ripple is Flexible First: in-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which days they come in.
- Weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
- We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!
Take Control of Your Finances
- Competitive salary, bonuses, and equity
- Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
- Employee giving match
- Mobile phone stipend
Take Care of Yourself
- Twice a quarter R&R days so you can rest and recharge
- Generous wellness reimbursement and weekly onsite & virtual programming
- Generous vacation policy - work with your manager to take time off when you need it
- Industry-leading parental leave policies. Family planning benefits.
- Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events
Benefits listed above are for full-time employees.Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance. Please find our UK/EU Applicant Privacy Notice and our California Applicant Privacy Notice for reference.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Perks/benefits: Career development Competitive pay Equity Flex hours Flex vacation Home office stipend Lunch / meals Medical leave Parental leave Snacks / Drinks Startup environment Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Security Operations Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Chief Information Security Officer jobs
- Open Security Specialist jobs
- Open Ingénieur DevSecops H/F jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Infosec Risk Manager jobs
- Open Agile-related jobs
- Open C-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Analytics-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open DevOps-related jobs
- Open Threat intelligence-related jobs
- Open Security Clearance-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open IDS-related jobs