About the company
Our team is working on the next generation of crypto solutions. Whether you are looking for a role as a Blockchain Software Engineer in San Francisco, a Partner Engineer in London or a Sales Representative in Singapore, Ripple is the place to build something transformative.
Job Summary
WHAT YOU’LL DO:
📍 Act as primary point of contact for EU/UK regulators
📍 Attend industry events and participate in industry discussions about regulation and frameworks
📍 Contribute to periodic assessments of Ripple’s IT and Information security risks
📍 Support and maintain security controls mapped to EU and UK information security and privacy compliance requirements in Ripple Unified Control Framework
📍 Lead all aspects of outsourced IT services provided by related entities within the Ripple Group
📍 Provide periodic updates to Ripple’s Irish and UK Board of Directors on the InfoSec program
📍 Participate in Information Security and privacy-related audits and examinations conducted by external parties within the EU/UK region
📍 Assist InfoSec Governance function to develop and maintain InfoSec Policies, Standards and Procedures relevant to InfoSec and privacy compliance
📍 Work with the Governance team to prepare metrics and reports for UK/EU management and regulators on the status of InfoSec objectives
📍 Support the GRC team in evaluating and responding to EU/UK customer/prospect questions and audits
📍 Remain up to date on current security laws, regulations and standards
📍 Assist the Sr InfoSec Risk Manager to develop effective remediation plans for control deficiencies relevant to regulations and compliance requirements; Perform control testing, document and communicate results in work papers and written reports for the successful certification on an ongoing basis
📍 Perform security awareness training for employees
📍 Support all GRC recurring tasks and control related activities within the UK/EU region
📍 Work collaboratively with Finance, Compliance, Privacy and Legal teams to identify and manage data compliance requirements unique to the EU & UK markets.
📍 Make recommendations on improving compliance related processes and/or procedures
📍 Support regional Security Assurance customer activities, such as assisting in drafting of region-specific security messaging, security due diligence responses, customer security contractual language, etc.
WHAT YOU'LL BRING:
📍 Degree or equivalent in Computer Science or related field
📍 10 years of experience in InfoSec with a specialization in one area of GRC
📍 A broad understanding of security domains
📍 Experience working with regulators and auditors
📍 Experience with electronic money or payments regulatory standards and audits and ITGC Control audits
📍 Previous approval from the Central Bank of Ireland as a PCF-49
📍 Proficiency with common information security frameworks including PSD2, ISO 27001, GDPR, MiCA, SOC2, and NIST CSF
📍 Demonstrated ability to collaborate across teams
📍 Proven organizational, project management and documentation skills
📍 Familiarity and experience with IT/Security/GRC toolset, such as Jira, Confluence, and other GRC platforms
📍 Ability to analyze empirical evidence and technical reports, identify root causes, and work with teams to determine solutions to remediate gaps
📍 Familiarity with different cloud concepts and tooling including AWS, GCP
📍 Someone willing to adapt to change in a fast-paced environment
📍 Experience with cloud-native pre-IPO startup companies
📍 Experience with AWS security services and tooling
📍 Desirable certifications: CISSP, CISA, PMP