Senior Manager, InfoSec GRC

WHAT YOU’LL DO:

• Regulatory Engagement and Leadership: You will be a key point of contact for all information security matters related to the bank license application. You'll represent the InfoSec GRC team by actively engaging with and providing mentorship to regulators like the OCC and NYDFS.
• Technical GRC and Risk Management: You will lead risk assessment processes and identify, assess, and prioritize information security risks across the organization. You'll have hands-on experience pulling technical evidence, such as logs, configuration screenshots, and audit reports, to validate the efficiency of our security controls.
• Compliance and Audits: You will maintain compliance with frameworks like FFIEC, SOX, NYDFS, MAS, DORA, and SOC 2. You will represent technical control operations during internal and external audits, including MAS financial audits and SOX/SOC1 audits, demonstrating a strong solid understanding of our infrastructure, applications, and security processes.
• Program Leadership: You will lead end-to-end GRC projects, establishing clear metrics and achievements. You will also develop and maintain dashboards to provide insight into compliance status, risk posture, and program efficiency.
• Crypto-Specific Expertise: You will provide technical mentorship on compliance related to stablecoin reserves and financial reporting, including preparing for the required attestation reports to meet regulatory requirements from agencies like the NYDFS.

WHAT YOU'LL BRING: 

• A Bachelor's Degree in a relevant field or equivalent professional experience.
• 10+ years of experience in information security risk management and compliance within a highly regulated industry, with a strong background in the financial services or banking sector.
• A solid foundation in a hands-on technical information security role, with experience in areas like security operations or security architecture.
• Proven experience with U.S. regulatory frameworks like FFIEC and NYDFS, and a track record of directly working with financial regulators.
• Proficiency with common information security frameworks, including SOX, SOC1, ISO 27001, SOC 2, MAS, and DORA.
• Direct experience with charter banking or in a similar leadership role at a regulated financial institution or a digital asset company.
• Experience with crypto or blockchain technology, particularly in a highly regulated environment, including familiarity with stablecoin reserves and financial reporting requirements.
• Hands-on experience assessing and managing security risks in public cloud environments (preferably AWS) and a strong understanding of their security implications.
• Proven ability to create clear, audience-tailored technical documentation.
• Relevant certifications such as CISSP, CISA, or AWS Certified Security are highly desirable.