Key responsibilities:

  • Examine, evaluate, and document internal controls based on various security standards (NIST CSF, SOC2, ISO-27001, etc.)
  • Lead IT-related audits and examinations conducted by external parties
  • Align policies, standards and procedures with compliance objectives
  • Prepare metrics and reports for management on the status of GRC objectives
  • Evaluate and respond to customer/prospect questions and audits. Assist in aligning compliance reports and public-facing Trust Page to reduce the overall number of customer requests
  • Remain up to date on current security laws, regulations and standards
  • Represent the GRC Team by participating directly in projects and providing guidance, requirements and documentation for security-related purposes when requested
  • Create, evaluate, document and maintain standards, processes and procedures relative to security and privacy
  • Engage with management to identify possible resolutions to control weaknesses and opportunities for improvement
  • Perform GRC recurring tasks as required 
  • Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet compliance requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
  • Assist in selecting, configuring and/or administering the program via GRC tools
  • Prepare, update and maintain customer-facing documentation
  • Assist with building and/or testing integrations and automations with SaaS/IaaS platforms to collect evidence for security audits and monitor for security configurations
  • Assist with developing configuration monitoring capabilities for SaaS and IaaS platforms

 

What We’re Looking For

  • Degree or equivalent in Computer Science or related field
  • 5-8 years of experience in Information Security with a specialization in one area of GRC 
  • Co-create and help articulate Information Security strategy across the company
  • A broad understanding of all security domains, CISSP or similar certification preferred
  • Experience working with engineering teams to understand issues and prioritize remediations
  • Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
  • Demonstrated ability to collaborate effectively across teams 
  • Familiarity and experience with IT/Security/GRC toolsets, such as Jira, Confluence, Whistic, GRC platforms, risk rating tools, and data collection tools
  • Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion
  • Familiarity with different cloud concepts and tooling including AWS, GCP
  • Experience in a remote-first and distributed environment
  • Someone willing to adapt to change in a fast-moving environment
  • Experience with cloud-native pre-IPO startup companies
  • Experience with AWS security services and tooling

WHAT WE OFFER:

  • The chance to work in a fast-paced start-up environment with experienced industry leaders
  • A learning environment where you can dive deep into the latest technologies and make an impact
  • Competitive salary and equity
  • 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
  • 401k (with match), commuter benefits
  • Industry-leading parental leave policies
  • Generous wellness reimbursement and weekly onsite programs
  • Flexible vacation policy - work with your manager to take time off when you need it
  • Employee giving match
  • Modern office in San Francisco’s Financial District
  • Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
  • Weekly company meeting - ask me anything style discussion with our Leadership Team
  • Team outings to sports games, happy hours, game nights and more!
 

Ripple is flexible-first: Ripplers have the option to work remotely, from our offices, or a combination.

 

WHO WE ARE:

Ripple is doing for value what the internet did for information: enabling its instant and seamless flow around the world. We call this the Internet of Value (IoV). Using blockchain and cryptocurrency technology, Ripple is dedicated to creating powerful gains in financial efficiency, equity and inclusion. In addition, Ripple is developing and enabling the future use cases that will catalyze the new digital economy for governments, businesses and consumers.

Ripple has offices in San Francisco (HQ), New York, London, Mumbai, Singapore, São Paulo, Reykjavík, Washington D.C. and Dubai.


Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
 


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Ripple’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.


If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1. Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.