Responsibilities
- Governance Framework : Develop, implement, and maintain comprehensive governance policies and procedures to ensure financial regulations and standards compliance. Knowledge of NYDFS Part 500 is a plus.
- Risk Management : Identify, assess, and mitigate security risks, ensuring that robust risk management practices are in place to protect Fireblocks’ assets.
- Compliance Oversight : Ensure ongoing compliance with industry regulations, including but not limited to NYDFS Part 500, ISO 27001, ISO 27017, CCSS, SOC 2, CIS Benchmark, NIST CSF, and regulations specific to the financial sector.
- Security Audits : Plan, conduct, and oversee security audits for internal systems and third-party vendors, ensuring thorough evaluation of security controls and compliance.
- Policy Development : Create and update security policies, standards, and guidelines to address evolving regulatory requirements and emerging security threats.
- Reporting : Prepare detailed audit reports, risk assessments, and compliance documentation for senior management and regulatory bodies, including KRI and KPI definition and measurement.
- Sales Support : Support the Sales team during DDQs and RFPs.
- Customer-facing capabilities to promote Fireblocks’ security assets.
The GRC expert position will report to the GRC manager and be the key contact for the CISO/CIO office for supporting GRC functions, primarily in the New York region (US-East), and supporting other geographic regions when needed.
Minimum Requirements:
- 5+ years of experience preferred in performing and running audits, certification programs, and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies, and standards, control testing, mapping issues to risks, and socializing results.
- Advantage: Experience or understanding of the financial/Blockchain/crypto/FinTech industry, including knowledge of cyber security regulations, e.g. NYDFS (New York Department of Financial Services), MAS, HKMA, Reserve Bank of Australia, The Reserve Bank of New Zealand, MiCA, will be a huge plus.
- Experience in Big 4 companies as a senior security and audit consultant would be preferred.
- Strong knowledge of Public Cloud Service Providers (AWS, Azure, GCP), specifically the type of services offered and industry-standard internal controls and best practices for configuring and managing these services (any cloud certification is a plus).
- Strong knowledge and experience in security risk management and frameworks, including related regulatory compliance requirements (e.g. SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, CCSS, NIST 800-171 CSF, etc.), will be a huge plus.
- Analytical thinker who is highly organized and detail-oriented.
- Strong written and verbal communication skills; ability to effectively communicate and obtain buy-in at all levels of the organization and with internal stakeholders across the business.
Education:
- Relevant BA/BS degree and/or certifications (e.g., CRISC, CISSP, CISM, CISA, CCSK, ISO Lead Auditor).
For employees hired to work remotely from New York, or from our NYC HQ, Fireblocks is required by law to include a reasonable estimate of the compensation range for this role. This range is specific to New York City and takes into consideration a wide range of factors that are reviewed when making a hiring decision, such as years of experience, skills, and other business needs.
It is not typical for a candidate to be hired at or near the top of the pay range and each compensation decision is dependent on each individual case. A reasonable base salary range estimate for this position is $127,000 - $166,000. The base salary is one component of the total compensation package, which for some roles may include a target bonus, a very competitive equity grant, and very generous benefits.