
GRC Specialist

Fireblocks

New York, NY, USA
Posted on Wednesday, May 29, 2024

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways to leverage the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets, and it is trusted by some of the largest financial institutions, banks, globally recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

About the Position

Fireblocks’ CISO department is seeking a seasoned GRC (Governance, Risk, and Compliance) Expert with a strong background in policies and procedures and the ability to conduct security audits to join our dynamic team. The GRC Expert in Security will be critical in managing and enhancing our governance, risk, and compliance framework. The ideal candidate will have extensive experience in security and will be responsible for ensuring that our security practices align with regulatory requirements and industry best practices. This role is pivotal in safeguarding our company’s data integrity and ensuring compliance with financial regulations.

Responsibilities

  • Governance Framework: Develop, implement, and maintain comprehensive governance policies and procedures to ensure compliance with financial regulations and standards. Knowledge of NYDFS Part 500 is a plus.
  • Risk Management: Identify, assess, and mitigate security risks, ensuring that robust risk management practices are in place to protect Fireblocks’ assets.
  • Compliance Oversight: Ensure ongoing compliance with industry regulations, including but not limited to NYDFS Part 500, ISO 27001, ISO 27017, CCSS, SOC 2, CIS Benchmark, NIST CSF, and regulations specific to the financial sector.
  • Security Audits: Plan, conduct, and oversee security audits for internal systems and third-party vendors, ensuring thorough evaluation of security controls and compliance.
  • Policy Development: Create and update security policies, standards, and guidelines to address evolving regulatory requirements and emerging security threats.
  • Reporting: Prepare detailed audit reports, risk assessments, and compliance documentation for senior management and regulatory bodies, including KRI and KPI definition and measurement.
  • Sales Support: Support the Sales team during DDQs and RFPs.
  • Customer-Facing Engagement: Present and promote Fireblocks’ security assets to customers.

The GRC Expert position will report to the GRC Manager and be the key contact for the CISO/CIO office in supporting GRC functions, primarily in the New York region (US East), and supporting other geographic regions when needed.

Minimum Requirements

  • 5+ years of experience preferred in performing and running audits, certification programs, and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies, and standards, control testing, mapping issues to risks, and socializing results.
  • Advantage: Experience in or understanding of the financial/blockchain/crypto/FinTech industry, including knowledge of cyber security regulations such as NYDFS (New York Department of Financial Services), MAS, HKMA, the Reserve Bank of Australia, the Reserve Bank of New Zealand, and MiCA, will be a huge plus.
  • Experience at a Big 4 firm as a senior security and audit consultant is preferred.
  • Strong knowledge of public cloud service providers (AWS, Azure, GCP), specifically the types of services offered and the industry-standard internal controls and best practices for configuring and managing these services (any cloud certification is a plus).
  • Strong knowledge of and experience in security risk management and frameworks, including related regulatory compliance requirements (e.g., SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, CCSS, NIST 800-171 CSF, etc.), will be a huge plus.
  • Analytical thinker who is highly organized and detail-oriented.
  • Strong written and verbal communication skills; ability to effectively communicate and obtain buy-in at all levels of the organization and with internal stakeholders across the business.

Education:

  • Relevant BA/BS degree and/or certifications (e.g., CRISC, CISSP, CISM, CISA, CCSK, ISO Lead Auditor).

For employees hired to work remotely from New York, or from our NYC HQ, Fireblocks is required by law to include a reasonable estimate of the compensation range for this role. This range is specific to New York City and takes into consideration a wide range of factors that are reviewed when making a hiring decision, such as years of experience, skills, and other business needs.

It is not typical for a candidate to be hired at or near the top of the pay range, and each compensation decision depends on the individual case. A reasonable base salary range estimate for this position is $127,000 - $166,000. The base salary is one component of the total compensation package, which for some roles may include a target bonus, a very competitive equity grant, and very generous benefits.

While we believe competitive compensation is a critical aspect of your decision to join us, we do hope you also spend time considering why our mission and culture are right for you. We are creating something transformational here, and we hope you are as excited about the future as we are.

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.

Please see our candidate privacy policy here.