About The Position
The Governance, Risk, and Compliance expert is responsible for the assessing and documenting of Fireblocks’s compliance and risk posture.
Fireblocks Security, Governance, Risk, and Compliance (GRC) expert is responsible for ensuring Fireblocks leadership has the information needed to make strategic risk-based decisions enabling the achievement of Fireblocks business objectives globally. The GRC expert will deploy common governance, risk, and compliance processes, controls, conducts audits, document, and ensures that technologies and business operations structured and configured for data protection and compliance.
Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; business processes; Documentation; standards guidelines and testing; risk assessment; awareness and education; and development of policies.
· 7+ years experience in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results.
· Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g. SOC, SOX, NIST 800-171 CSF and FISMA) - required
· Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management
· Ability to assess the nature of controls and identify automation opportunities for increased monitoring and scaling coverage (e.g., RPA, data analytics) to continuously monitor information security controls, exceptions, risks, testing & develop reporting metrics, dashboards, and evidence artifacts.
· Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
· Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
· Knowledge of or experience working with Agile methodology and GRC tools (Metricstream, Archer, etc.) and documents business process responsibilities and ownership of the controls in GRC tool
· Execution oriented, results-driven, and a self-motivator
· Excellent interpersonal, relationship, collaboration and influencing skills
· Excellent critical-thinking and organizational skills
· Excellent presentation, facilitation, executive reporting and communication skills inc. routinely update executive management and prepare audit committee materials, highlighting overall Fireblocks risk management progress, compliance risks and recommendations for future enhancements
· Act as the "go-to" person for internal controls within the broader enterprise and provide reliable insight for implementing controls within a business process in an efficient and effective manner
· Relevant BA/BS degree and/or certifications (e.g., CRISC, CISSP, CCIE, CISM, CISA, CCSK)
· Strong knowledge of Public Cloud Service Providers (AWS, IBM, Azure), specifically the types of services offered and industry-standard internal controls and best practices for configuring and managing these services (AWS preferred).
· Experience developing, championing, and managing internal compliance programs.
· Analytical thinker who is highly organized and pays close attention to detail.
· Strong written and verbal communication skills; ability to effectively communicate and obtain buy-in at all levels of the organization and with internal stakeholders across the business.
· Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
· Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
· Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;