Senior GRC Program Manager
Ripple provides crypto and blockchain solutions for enterprises, enabling global financial entities to move, manage, and tokenize value. They focus on improving existing financial systems through partnerships and regulatory compliance, with products used in over 50 countries.
About Ripple
Ripple is an enterprise blockchain and crypto solutions company that aims to enable the world to move value as seamlessly as information moves today. Their mission is to build breakthrough crypto solutions for a world without economic borders. Using blockchain technology, Ripple facilitates global financial institutions, businesses, governments, and developers to move, manage, and tokenize value, thereby unlocking greater economic opportunity. The company works within existing financial systems to improve them, partnering with customers to streamline infrastructure and collaborating with regulators to ensure solutions are secure and compliant. Ripple's products are in commercial use by hundreds of customers across more than 50 countries, helping them expand into new markets, access liquidity solutions, and generate crypto-enabled revenue streams. They also support developers by providing tools for building on the XRP Ledger, a fast and sustainable public blockchain. Ripple’s payments, custody and stablecoin solutions empower financial institutions to integrate blockchain and digital assets into their business in a simple, secure, compliant way—all in one place. From instant payments to asset tokenization, blockchain and crypto are happening right now, across the world. It’s happening to suppliers, to retailers, to exchanges, to currencies, to sectors, to industries, to markets, and to global businesses. And it’s happening with Ripple.
Skills
About the Role
You will lead ICT operations initiatives in Luxembourg, acting as the bridge between global engineering teams and local regulatory execution in the digital asset space. You'll ensure security frameworks like DORA are implemented and maintained, oversee outsourced ICT and security services, and work closely with global Engineering, IT, Compliance, Finance, Product, Legal, and Sales teams. You'll directly access systems to gather technical evidence supporting monitoring, incident response, and audits, and you'll serve as the operational subject matter expert during internal and regulatory reviews.
Requirements
- 5+ years of experience in information security infrastructure, preferably within a highly regulated industry
- A Bachelor's Degree in a relevant discipline or equivalent professional experience
- Demonstrable experience working within the Luxembourg financial or technology sector
- Solid working knowledge of DORA operational requirements, including resilience testing, ICT third-party management, and incident response
- Familiarity with EU regulatory frameworks, including MiCA and related EBA and ESMA technical standards
- Proficiency with common information technology and security frameworks, such as ISO 27001, SOC2, and NIST
- Comfortable accessing systems directly to gather and analyze technical evidence within a cloud-native environment
- Ability to create clear, audience-tailored technical documentation and SOPs
- Experience collaborating effectively with cross-functional teams of engineers, product managers, and compliance experts
- Familiarity with tools such as Jira, Confluence, JupiterOne, Okta, AWS, Tines, and integrated GRC platforms is an advantage
- Desirable certifications include CISSP, CISA, AWS Certified Security, and PMP
- Professional proficiency in French is desirable; proficiency in English is required
Responsibilities
- Ensure the operational implementation and maintenance of EU / Luxembourg security frameworks, including DORA and supporting technical standards
- Lead the day-to-day management and operational oversight of outsourced ICT and security services
- Engage with global Engineering and IT teams to track and evaluate infrastructure, application, and architectural changes
- Coordinate the implementation of technical security controls across infrastructure and application environments
- Collaborate with global InfoSec teams to develop, maintain, and localize InfoSec Policies, Standards, and Procedures
- Access systems directly to pull technical evidence such as logs, system settings, and access reports
- Act as the operational subject matter expert during internal audits, customer audits, and regulatory exams
- Partner with global Engineering, Compliance, Finance, Product, Legal, and Sales teams to provide operational security guidance
- Support regional customer-facing activities by assisting with security due diligence questionnaires and reviewing customer contracts
- Attend and participate in local and regional industry events to stay current on regulations, threats, and best practices
Benefits
- Professional development budget
- Competitive bonuses and equity
- Competitive benefits covering physical and mental healthcare, retirement, family forming, and family support
- Employee giving match
- Mobile phone stipend
- R&R days
- Generous wellness reimbursement and weekly onsite & virtual programming
- Generous vacation policy
- Industry-leading parental leave policies and family planning benefits
- Catered lunches and fully-stocked kitchens with premium snacks/beverages
- Team offsites, team bonding activities, and happy hours
