At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs.
If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.
THE WORK:
Ripple is expanding its Information Security function and is seeking passionate Information Security professionals to join us in building a world-class Information Security program.
This is a critical role based in our Luxembourg entity, integral to strengthening our local operational presence and governance. As Ripple continues to grow its regulated activities in Europe, this position will be instrumental in ensuring robust information security and compliance practices on the ground. The successful candidate will lead information security initiatives in Luxembourg and serve as a key point of contact for regulatory bodies in the dynamic digital asset space.
WHAT YOU’LL DO:
- Act as the primary local point of contact for the Commission de Surveillance du Secteur Financier (CSSF) on all information security matters, providing dedicated Governance, Risk, and Compliance (GRC) coverage in Luxembourg.
- Provide periodic updates to Ripple’s Luxembourg Board of Directors on the InfoSec program, risk posture, and regulatory matters.
- Maintain compliance with EU / Luxembourg regulatory and security frameworks, including DORA (Digital Operational Resilience Act) and supporting technical standards.
- Map new regulatory frameworks and guidelines issued by regulatory bodies (EBA, ESMA, and CSSF) to our internal security controls library to identify gaps and opportunities for enhancement.
- Scope, plan, and independently conduct periodic technical control testing to validate the effectiveness of information security controls and compliance with regulatory requirements across our cloud, infrastructure, and application environments.
- Directly access systems to pull technical evidence, such as logs, system settings, and access reports, for control testing, audits, and continuous compliance efforts.
- Represent technical control operations during internal and external audits, financial audits, customer audits, and regulatory exams, demonstrating a strong working knowledge of our infrastructure, applications, and security processes.
- Collaborate with global InfoSec teams to develop, maintain, and localize InfoSec Policies, Standards, and Procedures relevant to EU compliance.
- Lead the oversight of outsourced IT and security services provided by related entities within the Ripple Group, ensuring they meet local regulatory standards.
- Support group-wide Information Security GRC initiatives, including policy governance, risk and control assessments, and ensuring cross-entity alignment with DORA and other EU frameworks.
- Partner with our global Information Security, Engineering, Compliance, Finance, Product, Legal, and Sales teams to provide security guidance and have a direct impact on Ripple’s product security and customer trust.
- Support regional customer-facing activities by assisting in drafting region-specific security messaging, responding to security due diligence questionnaires, and reviewing customer security contractual language.
- Develop and maintain information security policies and standards, documentation for internal GRC processes, system workflows, and evidence collection procedures.
- Attend and participate in local and regional industry events and discussions to stay current on evolving regulations, threats, and best practices.
- A Bachelor’s Degree in a relevant discipline or equivalent professional experience.
- Demonstrable experience working within the Luxembourg financial or technology sector, with a strong understanding of the local business and regulatory landscape.
- 5+ years of experience in information security risk management and compliance, preferably within a highly regulated industry.
- Proven experience with EU regulatory frameworks such as DORA, and direct experience interfacing with financial regulators.
- Proficiency with common information security frameworks, such as ISO 27001, SOC2, NIST, and CSA Cloud Controls Matrix (CCM).
- A solid understanding of information security governance in the context of cloud-native fintech companies operating in a distributed and fast-moving environment.
- Comfortable working independently in technical environments, quickly learning new systems and processes.
- Hands-on experience pulling and analyzing technical evidence, including system logs, configuration screenshots, audit reports, and database queries.
- Ability to create clear, audience-tailored technical documentation, SOPs, and training content.
- Experience developing and delivering training workshops or informal learning sessions on technical processes or compliance practices.
- Experience collaborating effectively with cross-functional teams of engineers, product managers, and compliance experts.
- Familiarity with IT and Security tools such as Jira, Confluence, JupiterOne, Okta, AWS, Tines, and integrated GRC platforms.
- Desirable certifications include CISSP, CISA, AWS Certified Security, and PMP.
- Professional proficiency in French is highly desirable for effective communication with local authorities and business partners; proficiency in English is required.
WHO WE ARE:
Do Your Best Work
- The opportunity to build in a fast-paced start-up environment with experienced industry leaders
- A learning environment where you can dive deep into the latest technologies and make an impact. A professional development budget to support other modes of learning.
- Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
- In-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which 10+ days a month they come in.
- Bi-weekly all-company meeting – business updates and ask-me-anything-style discussion with our Leadership Team
- We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!
Take Control of Your Finances
- Competitive salary, bonuses, and equity
- Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
- Employee giving match
- Mobile phone stipend
Take Care of Yourself
- R&R days so you can rest and recharge
- Generous wellness reimbursement and weekly onsite & virtual programming
- Generous vacation policy – work with your manager to take time off when you need it
- Industry-leading parental leave policies. Family planning benefits.
- Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events
Benefits listed above are for full-time employees.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.