GRC Expert, Singapore
Founded in 2018 and already valued at over $8 billion, Fireblocks is a SaaS platform that helps companies to create innovative products on the blockchain and manage day-to-day crypto operations. Fireblocks is trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more, to securely scale digital asset operations through the Fireblocks Network and MPC-based wallet infrastructure. We have offices in New York, London, Tel Aviv, and Singapore, and we are continuing to expand our teams to reach new customers globally.
Looking for an industry-leading, secure digital asset platform, experiencing hyper-growth and valued at $8 billion? Welcome to Fireblocks!
Here’s the bit about us:
Fireblocks is an enterprise-grade platform delivering a secure infrastructure for moving, storing, and issuing digital assets & cryptocurrencies. We enable financial institutions to securely build, run and scale digital asset operations through the Fireblocks Network and MPC-based Wallet Infrastructure. Digital assets are protected from cyber-attacks, internal collusion, and human error using next-generation multi-layer technology. Fireblocks is the only platform that provides insurance for digital assets in storage, transfer, and E&O.
As of September 2022, we serve over 2,000 institutional customers, have secured the transfer of over $4 trillion in digital assets and are the highest-valued digital asset infrastructure company in the world, with a valuation of $8 billion and over $1 billion raised.
Our mission is simple: Enable every business to easily and securely support digital assets & cryptocurrencies. Come join us as we Secure. Simplify. Scale.
Here’s a bit about the opportunity:
At Fireblocks, we're re-platforming financial services onto a new blockchain-based tech stack. We invite you to be a cornerstone in this journey as our Business Solutions Associate, EMEA. In this high-impact role, you will join forces with our Enterprise Accounts team to guide leading financial service institutions, fintechs and large corporates through transformative digital infrastructure solutions.
The Governance, Risk, and Compliance expert is responsible for assessing and documenting Fireblocks' compliance and risk posture.
The Fireblocks Security, Governance, Risk, and Compliance (GRC) expert is responsible, among other things, for ensuring Fireblocks leadership has the information needed to make strategic risk-based decisions enabling the achievement of Fireblocks business objectives globally. The GRC expert will deploy common governance, risk, and compliance processes and controls, conduct and document audits, and ensure that technologies and business operations are structured and configured for data protection & compliance.
About the Role:
We are seeking a full-time Governance, Risk, and Compliance (GRC) Expert to join the Fireblocks GRC team as an expert member. This position reports to the Fireblocks GRC Director. The candidate will be accountable for providing oversight of the GRC task area and ensuring effective management, collaboration, and coordination of several key cybersecurity support areas, including the following:
- Support the sales effort and participate in prospects' due diligence (DD) process
- Internal and external Security Audits
- Security Compliance, Vulnerability management, third-party risk Management Services
- IT cyber security strategy and projects; policy and procedures management; metrics, KRIs, KPIs, and dashboard reporting
- Phishing campaigns and training and awareness operations
- Security reviews, compliance, policies, controls, audits, global/regional regulations, SLT meeting reviews and presentations, etc.
- Manage the GRC tool with an updated IT and cyber security risk register, controls, gaps, remediation and reporting. Coordinate and track all information technology and security-related audits
- GRC capability areas such as security risk management, compliance management with the changing APAC laws and applicable regulations, policy management, awareness & training
- Support the GRC team in training and mentoring employees, if needed.
- Work closely with other team SMEs supporting the business to provide guidance to drive towards a cohesive view of security risk and drive open remediation items to closure
- Responsible for periodic review of compliance with Fireblocks security policies and procedures among employees, contractors and other third parties, and co-ordinate with relevant stakeholders to ensure that compliance requirements are met
- Maintain up-to-date knowledge in GRC areas to be able to advise clients
- Plan and co-ordinate the implementation of information security controls based on, among others, ISO 27001, ISO 27017, CCSS level 3, SOC 2, CIS Benchmark, NIST CSF, etc.
- 7+ years' experience preferred in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socialising results.
- Advantage: Experience in the financial/blockchain/crypto/fintech industry, including an understanding of cyber security regulations.
- Strong knowledge of Public Cloud Service Providers (AWS, Azure, GCP), specifically the types of services offered and industry-standard internal controls and best practices for configuring and managing these services (Any cloud certification is a plus).
- Relevant BA/BS degree and/or certifications (e.g., CRISC, CISSP, CCIE, CISM, CISA, CCSK)
- Strong knowledge of and experience in security risk management and with frameworks, including related regulatory compliance requirements (e.g., SOC2 Type 2, ISO 27001, ISO 27017, ISO 27018, CCSS, NIST 800-171 CSF, etc.), will be a huge plus
- Analytical thinker who is highly organised and pays close attention to detail.
- Strong written and verbal communication skills; ability to effectively communicate and obtain buy-in at all levels of the organisation and with internal stakeholders across the business.
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations.
- Understanding of reviewing information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.