Program Manager, Infosec GRC

THE WORK:

Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for passionate Information Security professionals to build a world-class Information Security program. In this critical role, you will be responsible for leading technical control testing and evidence collection across financial, security, customer, and regulatory audits in the fast-moving digital asset and stablecoin space, while also creating and delivering broader information security and GRC education materials to strengthen audit readiness and build security awareness across teams..

WHAT YOU'LL DO:

• Map new regulatory and security frameworks (e.g., SOC 2, ISO 27001, DORA, GDPR) to the existing enterprise control library, identifying overlaps, gaps, and enhancement opportunities.
• Scope, plan, and independently execute periodic technical control testing, validating the effectiveness of ITGC, Infosec, and regulatory controls across multiple environments (cloud, infrastructure, applications).
• Gain direct system access and pull technical evidence (e.g., logs, system settings, access reports) for control testing, audits, and continuous compliance efforts.
• Represent technical control operations during internal and external audits, financial audits, customer audits, and regulatory exams, demonstrating a strong working knowledge of infrastructure, application, and security processes.
• Develop and maintain technical training materials and documentation for internal GRC processes, system workflows, and evidence collection procedures.
• Deliver training to technical and non-technical audiences
• Identify deficiencies or gaps during control testing and escalate to control owners, supporting them in understanding audit expectations without assuming direct remediation responsibilities.
• Stay current on the organization's technical environment to effectively scope audit requests and assess risk implications.
• Support continuous improvement initiatives such as enhanced evidence collection processes, audit readiness activities, and knowledge sharing across the GRC team.
• Align policies, standards, and procedures with compliance objectives
• Prepare metrics and reports for management on the status of Security GRC objectives
• Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and the public-facing Customer Trust Portal to reduce the overall number of customer requests
• Remain up to date on current security laws, regulations, and standards
• Represent the Security GRC team by actively engaging in projects and providing guidance, requirements, and documentation when requested
• Partner with the wider Information Security team, Engineering, Compliance, Finance and Product, Legal, and Sales teams on security matters with the ability to have a direct impact on Ripple's products' security and customer trust.
• Create, evaluate, document, and maintain standards, processes, and procedures relative to security and privacy
• Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement

WHAT YOU'LL BRING:

• Bachelor's Degree in relevant discipline or equivalent work experience
• 5+ years of experience in information security risk management and compliance within a highly regulated industry
• Solid understanding of IT general controls (ITGCs) within the context of financial audits, information security principles, cloud services (e.g., AWS, Azure), and technical systems (e.g., IAM, endpoint management, databases).
• Hands-on experience pulling technical evidence such as system logs, configuration screenshots, audit reports, and database queries.
• Strong analytical and documentation skills with an ability to translate technical processes into clear, structured training materials.
• Experience with regulatory frameworks such as NYDFS, DORA, MAS, and CSSF and leading regulatory examinations and interfacing with regulators.
• Comfortable working independently in technical environments, quickly learning new systems and processes.
• Proficiency with common information security frameworks, including SOC2, NIST, CSA Cloud Controls Matrix (CCM), and ISO 27001
• Ability to create clear, audience-tailored technical documentation, SOPs, and training content.
• Experience developing and delivering training workshops or informal learning sessions on technical processes or compliance practices.
• Familiarity with capability maturity frameworks
• Ability to collaborate effectively across cross-functional teams of engineers, product managers, security and compliance experts
• Demonstrated organizational, project management, and documentation skills
• Familiarity and experience with IT/Security tooling such as Jira, Confluence, JupiterOne, Okta, AWS, integrated GRC platforms, etc
• Ability to analyze empirical evidence and technical reports, identify root causes, and work with teams to identify solutions to remediate gaps
• Experience in a distributed environment, a fast-moving environment
• Experience with cloud-native pre-IPO startup companies
• Desirable certifications: CISSP, CISA, AWS Certified Security, PMP