The most technologically advanced digital asset trading platform in the world.
Blockchain • Crypto • Cryptocurrencies • Trading • Brokerage
August 14
🏢 In-office - San Francisco
• The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, third-party risk management, security awareness, policy and procedures, and more
• Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision-making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy
• We are seeking an experienced Security Compliance lead responsible for monitoring and governing security controls in the cloud based on regulatory/compliance requirements and industry standards
• Oversee audit and governance management: optimize year-round compliance, audit, and regulatory efforts for FalconX and subsidiaries
• Build and maintain an integrated cybersecurity controls framework
• Monitor and report on compliance against Information Security policies and standards
• Maintain security compliance programs within a GRC or compliance automation solution
• Facilitate governance and track remediation within SLAs for vulnerabilities, gaps, and control deficiencies, and work with business stakeholders to establish plans for sustainable resolution
• Define and execute existing or new compliance initiatives (i.e., SOC2, PCI, FFIEC CAT, NIST CSF, DORA, etc.)
• Work independently to conduct compliance quantitative assessments from beginning to end with minimal supervision, and manage key stakeholder relationships
• Identify the root cause of control gaps and exceptions and suggest remediation steps
• Maintain a cybersecurity risk register
• Prioritize and drive cross-functional remediation efforts for identified gaps based on risk impact and criticality
• Compile and present compliance posture via metrics and dashboards
• BS or MS degree in Computer Information Systems or related field
• 7+ years of experience with security GRC initiatives
• Candidate must be able to assimilate knowledge quickly, understand stakeholders' business challenges/risks, and act as a trusted advisor to lead change, policy adoption, and monitor compliance against policies and standards
• Experience with onboarding and monitoring cybersecurity controls in cloud environments
• Experience managing SOC2, ISO, PCI DSS, or other compliance standards and framework programs
• Strong knowledge of security risk management and running audits/certification programs
• Knowledge of NIST 800-53/800-37, NIST CSF, SOC 2, PCI, and/or ISO 27001 standards, integrated controls framework, and evaluating design and effectiveness of IT controls working directly with auditors, regulators, investors
• Experience defining compliance roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
• Experience with GRC tool implementation
• CISA, CISSP, PCI QSA, AWS certifications or equivalent expertise
• Technical fluency: comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members
• Base pay range between $195,000 and $250,000 USD
• Eligible for performance-linked bonus
• Eligible for equity
• Competitive benefits package