Senior GRC Program Manager

At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs. 

If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.

THE WORK:

 Ripple is expanding its Information Security function and seeking experienced professionals to join us in building a world-class program.

This is a critical role based in our Luxembourg entity, integral to strengthening our local operational presence and governance. As Ripple continues to grow its regulated activities in Europe, this position will be instrumental in ensuring robust ICT operations and security practices on the ground. The successful candidate will lead ICT operations initiatives in Luxembourg, acting as the bridge between global engineering teams and local regulatory execution in the dynamic digital asset space.

WHAT YOU’LL DO:

• Ensure the operational implementation and maintenance of EU / Luxembourg security frameworks, including the Digital Operational Resilience Act (DORA) and supporting technical standards.
• Lead the day-to-day management and operational oversight of outsourced ICT and security services (provided by related entities within the Ripple Group or third parties), ensuring service delivery meets local regulatory standards and SLAs.
• Actively engage with global Engineering and IT teams to track and evaluate future infrastructure, application, and architectural changes, ensuring they are designed with operational resilience and regional compliance in mind.
• Coordinate the implementation of technical security controls across our infrastructure and application environments, ensuring alignment with Ripple’s internal controls and regulatory guidelines (e.g., EBA, ESMA, CSSF).
• Collaborate with global InfoSec teams to develop, maintain, and localize InfoSec Policies, Standards, and Procedures relevant to EU compliance.
• Directly access systems to pull technical evidence, such as logs, system settings, and access reports, to support continuous operational monitoring, incident response, and compliance efforts.
• Act as the operational subject matter expert during internal audits, customer audits, and regulatory exams by providing necessary technical evidence and demonstrating a strong working knowledge of our infrastructure and security processes.
• Partner with our global Engineering, Compliance, Finance, Product, Legal, and Sales teams to provide operational security guidance and have a direct impact on Ripple’s product security and customer trust.
• Support regional customer-facing activities by assisting in responding to security due diligence questionnaires and reviewing technical aspects of customer contracts.
• Attend and participate in local and regional industry events and discussions to stay current on evolving regulations, threats, and best practices.

WHAT YOU'LL BRING: 

• 5+ years of experience in information security infrastructure, preferably within a highly regulated industry.
• A Bachelor's Degree in a relevant discipline or equivalent professional experience.
• Demonstrable experience working within the Luxembourg financial or technology sector, with a strong understanding of the local business and regulatory landscape.
• Solid working knowledge of DORA operational requirements, including resilience testing, ICT third-party management, and incident response.
• Familiarity with EU regulatory frameworks, including MiCA and related EBA and ESMA technical standards.
• Proficiency with common information technology and security frameworks, such as ISO 27001, SOC2, and NIST.
• Comfortable accessing systems directly to gather and analyze technical evidence, including logs, configuration data, and database queries, within a cloud-native environment.
• Ability to create clear, audience-tailored technical documentation and SOPs.
• Experience collaborating effectively with cross-functional teams of engineers, product managers, and compliance experts.
• Familiarity with tools such as Jira, Confluence, JupiterOne, Okta, AWS, Tines, and integrated GRC platforms is an advantage.
• Desirable certifications include CISSP, CISA, AWS Certified Security, and PMP. 
• Professional proficiency in French is desirable; proficiency in English is required.

WHO WE ARE:

Do Your Best Work

• The opportunity to build in a fast-paced start-up environment with experienced industry leaders
• A learning environment where you can dive deep into the latest technologies and make an impact.  A professional development budget to support other modes of learning.
• Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
• In-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which 10+ days a month they come in. 
• Bi-weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
• We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!

Take Control of Your Finances

• Competitive salary, bonuses, and equity
• Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
• Employee giving match
• Mobile phone stipend

Take Care of Yourself

• R&R days so you can rest and recharge
• Generous wellness reimbursement and weekly onsite & virtual programming
• Generous vacation policy - work with your manager to take time off when you need it
• Industry-leading parental leave policies. Family planning benefits.
• Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events

Benefits listed above are for full-time employees.