At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs. 

If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.

THE WORK:

Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world.  Ripple is looking for passionate Information Security professionals to build a world-class Information Security program. In this critical role, you will be responsible for identifying, evaluating, and mitigating security risks to ensure the protection of company assets and data. Your expertise will also extend to assessing compliance risks and ensuring adherence to key regulatory and security frameworks.

WHAT YOU’LL DO:

• Conduct comprehensive information security risk assessments, identifying vulnerabilities, and recommending mitigation strategies to ensure secure operations
• Assist with the development, implementation, and continuous improvement of the integrated governance, risk and compliance program
• Develop internal controls tailored to meet compliance with various security standards (CIS, NIST CSF, NYDFS, PSD2, MAS, SOC2, ISO 27001, etc.)
• Align policies, standards, and procedures with compliance objectives
• Prepare metrics and reports for management on the status of Security GRC objectives
• Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and the public-facing Customer Trust Portal to reduce the overall number of customer requests
• Remain up to date on current security laws, regulations, and standards
• Represent the Security GRC team by actively engaging in projects and providing guidance, requirements, and documentation when requested
• Partner with the wider Information Security team, Engineering, Product, Legal, and Sales teams on security matters with the ability to have a direct impact on Ripple’s products’ security and customer trust. 
• Create, evaluate, document, and maintain standards, processes, and procedures relative to security and privacy
• Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement
• Plan, automate and monitor evidence collection and testing of security controls 
• Provide consultative guidance and oversight to Information Security and Engineering teams
• Assist in selecting, configuring, and/or administering the program via integrated GRC tools
• Assist with writing queries and building automation to collect evidence for audits, control testing, and monitoring of security configurations
• Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

WHAT YOU’LL BRING: 

• Bachelor’s Degree in relevant discipline or equivalent work experience
• 5+ years of experience in information security risk management and compliance within a highly regulated industry 
• A solid foundation in a technical information security role, with hands-on experience in areas such as infrastructure security, security operations, or security architecture, demonstrating a deep understanding of technical security measures and best practices 
• Exceptional writing abilities, capable of clearly and effectively communicating risks, and crafting policies and procedures with professionalism and accuracy 
• Experience working with engineering teams to understand issues and prioritize remediations
• The ability to obtain a deep understanding of the company’s technology and product stack is essential, enabling the identification and assessment of associated security risks with precision and depth
• Exceptional analytical skills with the ability to translate complex security risks into clear and actionable recommendations
• Proficiency with common information security frameworks including SOC2, NIST CSF, CIS, CSA Cloud Controls Matrix (CCM), and ISO 27001
• Familiarity with capability maturity frameworks
• Hands-on experience assessing and managing security risks in public cloud environments, with a strong preference for expertise in AWS
• Experience with J1 (Jupiter One), Noetic or asset analysis tooling, Workato or enterprise automation tooling and LogicGate or integrated GRC cloud-based tooling.
• Proficiency in evaluating security risks associated with Kubernetes and container orchestration environments is not mandatory, but highly desirable
• Demonstrated ability to navigate cloud security and compliance challenges effectively
• Ability to collaborate effectively across cross-functional teams of engineers, product managers, security and compliance experts
• Demonstrated organizational, project management, and documentation skills 
• Familiarity and experience with IT/Security tooling such as Jira, Confluence, JupiterOne, Okta, AWS, integrated GRC platforms, etc
• Ability to analyze empirical evidence and technical reports, identify root causes, and work with teams to identify solutions to remediate gaps
• Experience in a remote-first and distributed environment
• Someone willing to adapt to changes in a fast-moving environment
• Experience with cloud-native pre-IPO startup companies
• Desirable certifications:  CISSP, CISA, AWS Certified Solutions Architect, AWS Certified Security, PMP

WHO WE ARE:

Do Your Best Work

• The opportunity to build in a fast-paced start-up environment with experienced industry leaders
• A learning environment where you can dive deep into the latest technologies and make an impact.  A professional development budget to support other modes of learning.
• Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
• In-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which 10+ days a month they come in. 
• Weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
• We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!

Take Control of Your Finances

• Competitive salary, bonuses, and equity
• Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
• Employee giving match
• Mobile phone stipend

Take Care of Yourself

• R&R days so you can rest and recharge
• Generous wellness reimbursement and weekly onsite & virtual programming
• Generous vacation policy - work with your manager to take time off when you need it
• Industry-leading parental leave policies. Family planning benefits.
• Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events

Benefits listed above are for full-time employees.