
Staff Manager, InfoSec GRC

Company: P2P
Location: San Francisco
Posted on: May 24, 2025

Job Description:

At Ripple, we're building a world where value moves like information does today. It's big, it's bold, and we're already doing it. Through our crypto solutions for financial institutions, businesses, governments, and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. We get to do meaningful work and grow our skills surrounded by colleagues who support us.

If you're ready to see your impact and unlock career growth opportunities, join us and build real-world value.

THE WORK:

Ripple is leveraging blockchain technology and a growing network of financial institutions to improve the global financial system and increase economic inclusion worldwide. We are seeking passionate Information Security professionals to develop a world-class Information Security program. In this role, you will lead technical control testing and evidence collection for audits in the digital asset and stablecoin space, while creating educational materials to strengthen security awareness and audit readiness across teams.

WHAT YOU'LL DO:

  • Map new regulatory and security frameworks (e.g., SOC 2, ISO 27001, DORA, GDPR) to the existing control library, identifying overlaps, gaps, and opportunities for enhancement.
  • Plan and execute technical control testing, validating the effectiveness of controls across various environments (cloud, infrastructure, applications).
  • Gather technical evidence (logs, system settings, access reports) for audits and compliance efforts.
  • Represent technical control operations during audits, demonstrating knowledge of infrastructure, security, and process controls.
  • Develop and maintain training materials and documentation for GRC processes and evidence collection.
  • Deliver training to diverse audiences.
  • Identify control deficiencies, escalate issues, and support control owners in understanding audit expectations.
  • Stay current on the technical environment to effectively scope audit requests and assess risks.
  • Support continuous improvement initiatives in evidence collection, audit readiness, and knowledge sharing.
  • Align policies and procedures with compliance objectives.
  • Prepare management reports on security GRC objectives.
  • Assist with customer and prospect audits, and align compliance reports with public-facing trust portals.
  • Keep up-to-date with current security laws, regulations, and standards.
  • Engage in projects, providing guidance and documentation for security matters.
  • Collaborate with teams across Security, Engineering, Compliance, Legal, and Product to enhance security and customer trust.
  • Create and maintain standards, processes, and procedures related to security and privacy.
  • Identify and resolve control weaknesses with management's support.

WHAT YOU'LL BRING:

  • Bachelor's Degree or equivalent experience.
  • 5+ years in information security risk management and compliance, ideally in regulated industries.
  • Understanding of IT controls, security principles, cloud services (AWS, Azure), and technical systems (IAM, databases).
  • Experience pulling technical evidence for audits.
  • Strong analytical, documentation, and training skills.
  • Experience with frameworks like NYDFS, DORA, MAS, CSSF, and regulatory exams.
  • Ability to work independently and learn new systems quickly.
  • Proficiency with security frameworks (SOC2, NIST, CCM, ISO 27001).
  • Skill in creating technical documentation and training content.
  • Experience in delivering technical training sessions.
  • Familiarity with maturity frameworks and security tools (Jira, Confluence, AWS, Okta, etc.).
  • Ability to analyze evidence, identify root causes, and work with teams to remediate gaps.
  • Experience in fast-paced, distributed environments, ideally in startups.
  • Desirable certifications: CISSP, CISA, AWS Security, PMP.

For CA-based positions, the annual salary range is $136,000-$170,000 USD, excluding bonuses, equity, or additional compensation. Salaries vary based on experience and qualifications.

WHO WE ARE:

Do Your Best Work
  • Build in a fast-paced startup environment with industry leaders.
  • Engage in continuous learning with a professional development budget.
  • Be part of a diverse, inclusive team where everyone is valued and empowered.
  • Flexible in-office collaboration, with 10+ days per month in the office.
  • Bi-weekly company-wide meetings with leadership.
  • Team offsites, bonding activities, and events.

Take Control of Your Finances
  • Competitive salary, bonuses, and equity.
  • Benefits covering health, retirement, family support, and more.
  • Employee giving match and stipends.

Take Care of Yourself
  • R&R days, wellness reimbursements, and wellness programs.
  • Generous vacation and parental leave policies.
  • Catered meals, stocked kitchens, and fun events.

Benefits apply to full-time employees. Ripple is an Equal Opportunity Employer committed to diversity and inclusion. We do not discriminate based on race, gender, religion, or other protected characteristics.

See our and for more information.

Keywords: P2P, Mountain View, Staff Manager, InfoSec GRC, Accounting, Auditing, San Francisco, California
