Through our blockchain technology and rapidly growing network of financial institutions, Ripple is improving the global financial system and increasing economic inclusion for more people, in more places around the world. Ripple is looking for a passionate Information Security leader to build a world class Information Security program. As a leader on the Information Security team, you will help us achieve this mission by actively working to protect our staff, company, and the larger crypto communities we engage with.

 

In this role, you will specialize in one of the following areas and participate in the other areas while we continue to build out a world-class Governance, Risk and Compliance Team.

 

Under the general direction of the Director of Governance, Risk and Compliance, the role is responsible for the design and implementation of controls to build and enhance the Governance, Risk and Compliance program.

 

WHAT YOU'LL DO:

  • Perform Annual Risk Assessment (NIST 800-53/ISO 27001) 
  • Creation of risk management program
  • Create, maintain, enforce, and track the risk acceptance process
  • Creation and management of issue log and risk register
  • Perform periodic issue-specific assessments (e.g. specific environments, technologies, geographies, new ventures)
  • Creation of metrics informing leadership of issues resulting from risk analysis and establishing potential solutions that are appropriate for the business and system architecture.
  • Consultative guidance and oversight to cross-functional teams and business stakeholders to understand risks to critical infrastructure by defining potential business impact with the responsibility to apply effective mitigation strategies.
  • Work closely within the InfoSec Team to detect potential security weaknesses and develop creative ways to address challenges unique to the business and systems architecture.
  • Maintain updated knowledge in the field of risk management and compliance to efficiently work on frameworks including NIST CSF, ISO 27001, GDPR, SOX, etc.
  • Understanding of qualitative vs. quantitative risk management and inherent vs. residual risk to properly establish, evaluate, and report on technology risk levels at the project and enterprise level.
  • Effectively engages stakeholders, business partners, and vendors to maintain an understanding of current risks, new systems, and changes to the environment.
  • Understanding of security functions including: Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
  • Must stay current with industry, regulatory, and legal requirements relevant to security, compliance, and privacy.
  • Assist in selecting, configuring and/or administering the program via GRC tools

WHAT WE'RE LOOKING FOR:

  • Degree or equivalent in Computer Science or related field
  • 10 years of experience in Information Security with a specialization in one area of GRC 
  • Co-create and help articulate Information Security strategy across the company
  • A broad understanding of all security domains, CISSP or similar certification preferred
  • Experience working with engineering teams to understand issues and prioritize remediations
  • Proficiency with common information security frameworks including SOC2, NIST CSF, and ISO 27001
  • Demonstrated ability to collaborate effectively across teams 
  • Familiarity and experience with IT/Security/GRC toolset, such as: Jira, Confluence, Whistic, GRC platforms, risk ratings tools, data collection tools
  • Ability to analyze empirical evidence and technical reports, identify root causes, recommend solutions, prioritize projects according to risk and compliance drivers, and drive technical projects through to completion. 
  • Familiarity with different cloud concepts and tooling including AWS, GCP (certification preferred)
  • Experience in a remote-first and distributed environment
  • Someone willing to adapt to change in a fast-moving environment
  • Experience with cloud-native pre-IPO startup companies
  • Experience with AWS security services and tooling
  • Mentoring less experienced team members

WHAT WE OFFER:

  • The chance to work in a fast-paced start-up environment with experienced industry leaders
  • A learning environment where you can dive deep into the latest technologies and make an impact
  • Competitive salary and equity
  • 100% paid medical and dental and 95% paid vision insurance for employees starting on your first day
  • 401k (with match), commuter benefits
  • Industry-leading parental leave policies
  • Generous wellness reimbursement and weekly onsite programs
  • Flexible vacation policy - work with your manager to take time off when you need it
  • Employee giving match
  • Modern office in San Francisco’s Financial District
  • Fully-stocked kitchen with organic snacks, beverages, and coffee drinks
  • Weekly company meeting - ask me anything style discussion with our Leadership Team
  • Team outings to sports games, happy hours, game nights and more!
 

Ripple is flexible-first: Ripplers have the option to work remotely, from our offices, or a combination.

 

WHO WE ARE:

Ripple is doing for value what the internet did for information: enabling its instant and seamless flow around the world. We call this the Internet of Value (IoV). Using blockchain and cryptocurrency technology, Ripple is dedicated to creating powerful gains in financial efficiency, equity and inclusion. In addition, Ripple is developing and enabling the future use cases that will catalyze the new digital economy for governments, businesses and consumers.

Ripple has offices in San Francisco (HQ), New York, London, Mumbai, Singapore, São Paulo, Reykjavík, Washington D.C. and Dubai.


Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
 


Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Ripple’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

¹ Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.