About the company
Our team is working on the next generation of crypto solutions. Whether you are looking for a role as a Blockchain Software Engineer in San Francisco, a Partner Engineer in London or a Sales Representative in Singapore, Ripple is the place to build something transformative.
Job Summary
WHAT YOU’LL DO:
📍Conduct comprehensive information security risk assessments, identifying vulnerabilities, and recommending mitigation strategies to ensure secure operations
📍Assist with the development, implementation, and continuous improvement of the integrated governance, risk and compliance program
📍Develop internal controls tailored to meet compliance with various security standards (CIS, NIST CSF, NYDFS, PSD2, MAS, SOC2, ISO 27001, etc.)
📍Align policies, standards, and procedures with compliance objectives
📍Prepare metrics and reports for management on the status of Security GRC objectives
📍Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and the public-facing Customer Trust Portal to reduce the overall number of customer requests
📍Remain up to date on current security laws, regulations, and standards
📍Represent the Security GRC team by actively engaging in projects and providing guidance, requirements, and documentation when requested
📍Partner with the wider Information Security team, Engineering, Product, Legal, and Sales teams on security matters with the ability to have a direct impact on Ripple’s products' security and customer trust
📍Create, evaluate, document, and maintain standards, processes, and procedures relative to security and privacy
📍Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement
📍Plan, automate and monitor evidence collection and testing of security controls
📍Provide consultative guidance and oversight to Information Security and Engineering teams
📍Assist in selecting, configuring, and/or administering the program via integrated GRC tools
📍Assist with writing queries and building automation to collect evidence for audits, control testing, and monitoring of security configurations
📍Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms
WHAT YOU'LL BRING:
📍Bachelor's Degree in relevant discipline or equivalent work experience
📍5+ years of experience in information security risk management and compliance within a highly regulated industry
📍A solid foundation in a technical information security role, with hands-on experience in areas such as infrastructure security, security operations, or security architecture, demonstrating a deep understanding of technical security measures and best practices
📍Exceptional writing abilities, capable of clearly and effectively communicating risks, and crafting policies and procedures with professionalism and accuracy
📍Experience working with engineering teams to understand issues and prioritize remediations
📍The ability to obtain a deep understanding of the company’s technology and product stack is essential, enabling the identification and assessment of associated security risks with precision and depth