Information Security Manager
Compliance
Posted on 2/2/2024
Ripple

1,001-5,000 employees

Enterprise blockchain
Company Overview
Ripple's mission is to provide one frictionless experience to send money globally using the power of blockchain technology.
Financial Services
Crypto & Web3

Company Stage

Series C

Total Funding

$319.4M

Founded

2012

Headquarters

San Francisco, California

Growth & Insights
Headcount

6 month growth

4%

1 year growth

19%

2 year growth

63%
Locations
London, UK
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Management
AWS
JIRA
Confluence
Google Cloud Platform
Categories
QA & Testing
IT & Security
Software Engineering
Requirements
  • Degree or equivalent in Computer Science or related field
  • 7 years of experience in Information Security with a specialization in one area of GRC
  • Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
  • Experience with Money Transmitter License (MTL) regulatory standards and audits and ITGC Control audits
  • Familiarity and experience with IT/Security/GRC toolset, such as Jira, Confluence, integrated GRC platforms, etc.
  • Experience with AWS security services and tooling
Responsibilities
  • Examine, evaluate, and document internal controls based on various security standards (NIST CSF, MAS, ITGC, SOC2, ISO-27001, etc.)
  • Lead IT-related audits and examinations conducted by external parties
  • Align policies, standards and procedures with compliance objectives
  • Prepare metrics and reports for management on the status of GRC objectives
  • Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
  • Remain up to date on current security laws, regulations and standards
  • Represent the GRC Team by participating directly with projects and provide guidance, requirements and documentation for security-related purposes when requested
  • Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
  • Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement
  • Perform GRC recurring tasks as required
  • Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
  • Assist in selecting, configuring and/or administering the program via GRC tools
  • Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
  • Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms
Desired Qualifications
  • Demonstrated ability to collaborate effectively across teams
  • Demonstrated organizational, project management and documentation skills
  • Ability to analyze empirical evidence and technical reports, identify root causes, and work with teams to identify solutions to remediate gaps
  • Familiarity with different cloud concepts and tooling including AWS, GCP
  • Experience in a remote-first and distributed environment
  • Someone willing to adapt to change in a fast-moving environment
  • Experience with cloud-native pre-IPO startup companies
  • Desirable certifications: CISSP, CISA, PMP