About GRVT
GRVT is the world’s first licensed decentralized exchange (DEX) that also operates as a self-custodial centralized exchange (CEX), pioneering a true CeDeFi model by merging the best of centralized finance (CeFi) and decentralized finance (DeFi). Our platform aims to enable anyone to buy, sell, trade and invest in financial products offered by anyone, leveraging smart contracts for self-custody, scalability, and security. By combining the security and compliance of traditional finance with the efficiency and autonomy of blockchain, GRVT is building a unified, global financial system that scales far beyond crypto.
Imagine a financial system where trust is automated, inefficiencies are eliminated, and opportunities are accessible to everyone. Traditional finance relies on outdated infrastructure, creating high costs and barriers to access, while DeFi struggles with complexity and scalability. GRVT bridges these gaps, redesigning finance from its core and creating an ecosystem that is open, inclusive, and transformative.
Key Stats
- 52 employees and growing
- $14.3M in funding (seed round)
- The world’s first licensed, regulated blockchain-settled exchange
- 500,000+ community followers across platforms
- 30,000+ KYCed users in the first week of mainnet launch
- 55 institutional clients
- $4B monthly committed volume
- Recognized as the fastest-growing crypto exchange
- Mainnet Day-1, 20th December
If you’re passionate about meaningful innovation and ready to shape the future of finance, GRVT offers the opportunity to work at the forefront of financial evolution. Join us and be part of redefining what’s possible.
🔗 Website: https://www.grvt.io/
🔗 Testnet: https://testnet.grvt.io/
📄 Brochure: https://docsend.com/view/f2bd79j6xc8nkypr
🔗 First official appchain on zkSync Hyperchain: https://zksync.mirror.xyz/8qNtXFBTN8iVqG3qyWXmjmT9f4VGvDNw2FOb4ikBB_0
Backed by Traders, Invested by Leaders:
SIG | QCP | SELINI | HACK VC | DELPHI DIGITAL | ANTELOPE | METALPHA | LIQUIDITY TECH | ALBATROSS | CMS | FISHER 8 | MOONVAULT | PULSAR | FLOW TRADERS | KRONOS and more
—————————————
ABOUT THE ROLE
As Head of GRC & Corporate Security, you will lead GRVT’s GRC and Corporate Security functions, driving our license-readiness strategy while working cross-functionally with engineering, legal, operations, and leadership. Your primary focus will be enabling the company to meet regulatory requirements, and we particularly appreciate prior experience with the digital assets regimes of BMA, ADGM, MAS, and SFC. On the Corporate Security portfolio, we appreciate prior knowledge of setting up and running corporate security programs to enhance the firm’s security posture. This role blends security acumen with technical depth: you’re not expected to write code or deploy infrastructure, but you must understand the systems well enough to translate policy into practical controls, identify risk blind spots, and guide implementation across multiple domains.
KEY RESPONSIBILITIES
Governance, Risk & Compliance (GRC)
- Build and maintain our GRC policies to align with the company’s key regulatory needs.
- Lead internal risk assessments, security control reviews, and remediation efforts across departments and vendors.
- Own the security-related workstreams for regulatory license applications/maintenance, working closely with legal and compliance.
- Serve as the primary liaison for auditors, regulators, and external consultants on all matters related to security governance and assurance.
Corporate Security
- Oversee the design and implementation of GRVT’s zero-trust, endpoint protection, and device management programs.
- Support the IT function with basic hardware and software administration tasks.
- Plan and manage company-wide security controls such as passkeys and password managers.
- Maintain GRVT’s security culture with regular awareness training and knowledge sharing.
- Perform identity and access management reviews.
Technical Oversight & Risk Translation
- Convert high-level compliance requirements into practical security controls, in collaboration with engineering and IT leads.
- Guide risk assessments and decisions across key security domains, including:
  - Cloud Infrastructure (AWS & GCP) – IAM, configuration, and vendor posture
  - DevSecOps – Secure CI/CD pipeline practices and shift-left security enablement
  - Application Security (AppSec) – Risk understanding of web, API, and mobile layers (e.g., OWASP Top 10)
  - Blockchain & Wallet Security (Basic Familiarity) – Awareness of wallet custody models, smart contract risks, and external audit workflows
- Lead or coordinate third-party risk reviews, vendor security onboarding, and baseline control requirements.
Incident Readiness
- Oversee the development and execution of GRVT’s incident response plan, particularly in relation to regulatory reporting requirements.
- Contribute to business continuity and disaster recovery planning with a security lens.
Culture & Collaboration
- Champion a security-first culture through onboarding, training, and ongoing awareness programs.
- Work across legal, engineering, and operations to ensure security is embedded, not bolted on.
- Regularly report risk posture, incident summaries, and recommendations to leadership.
JOB REQUIREMENTS
- 8+ years of experience in security, compliance, or risk management, including leadership responsibilities.
- Proven track record in supporting regulatory license applications (e.g., BMA, ADGM, MAS, and SFC) from a security perspective.
- Strong understanding of security frameworks like ISO 27001, SOC 2, NIST CSF, and GDPR.
- Ability to bridge the gap between regulatory language and real-world engineering and operational controls.
- Foundational knowledge across cloud infrastructure, DevSecOps, AppSec, and blockchain concepts.
- Excellent communication skills — comfortable engaging regulators, auditors, executives, and technical teams alike.
- Bonus: Experience in a fintech, crypto or regulated startup environment; familiarity with corporate device and access management tools (e.g., Google Workspace, Bitwarden, MDM).