Senior GRC Expert

New York

Fireblocks

Powering the digital asset economy with secure custody, wallet-as-a-service, payments, and tokenization solutions.


The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways of leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and is trusted by some of the largest financial institutions, banks, globally recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

Fireblocks’ CISO department is seeking a Senior GRC (Governance, Risk, and Compliance) Expert to join our dynamic team.

The Senior GRC Security Expert will play a vital role in strengthening and overseeing our governance, risk, and compliance (GRC) framework. This role requires a solid background in project management, with a focus on aligning compliance efforts with broader business goals. The candidate should be experienced in maintaining risk registers, evaluating internal controls, and supporting both regulatory and customer-led audits and assessments. A successful track record in implementing and managing security frameworks and policies across multi-cloud environments is essential. Strong stakeholder engagement, process optimization skills, and the ability to lead cross-functional teams are key to driving end-to-end strategic compliance initiatives.

This role is pivotal in safeguarding our company’s data integrity and ensuring compliance with financial regulations.

The GRC expert position will report to the GRC manager and be the key contact for the CISO/CIO office for supporting GRC functions in the New York region (US-East) primarily, along with supporting other geographic regions when needed.

Key Responsibilities:

  • Governance Framework: Develop, implement, and maintain comprehensive governance policies and procedures to ensure compliance with financial regulations and standards. Knowledge of NYDFS Part 500/Part 200 is a plus.
  • Risk Management: Identify, assess, and mitigate security risks, ensuring that robust risk management practices are in place to protect Fireblocks’ assets.
  • Compliance Oversight: Ensure ongoing compliance with industry regulations, including but not limited to NYDFS Part 500/Part 200, ISO 27001, ISO 27017, CCSS, SOC 2, CIS Benchmark, NIST CSF, and regulations specific to the financial sector.
  • Security Controls: Plan, conduct, and oversee security control reviews for internal systems and third-party vendors, ensuring thorough evaluation of security controls and compliance.
  • Policy Development: Create and update security policies, standards, and guidelines to address evolving regulatory requirements and emerging security threats.
  • Reporting: Prepare detailed reports, risk assessments, and compliance documentation for senior management and regulatory bodies, including KRI and KPI definition and measurement.
  • Support the Sales team during DDQs, RFPs, and other customer assurance activities.
  • Customer-facing capabilities to promote Fireblocks’ security assets.

Required Qualifications:

  • 5+ years of experience leading audits, certification initiatives, and control assessments—including scope definition, developing control procedures aligned with policies and standards, executing control testing, mapping findings to risk, and effectively communicating results.
  • Relevant bachelor's degree and/or certifications (e.g., CRISC, CISSP, CISM, CISA, CCSK, ISO Lead Auditor).
  • Strong knowledge of Public Cloud Service Providers (AWS, Azure, GCP), specifically the type of services offered and industry-standard internal controls and best practices for configuring and managing these services (any cloud certification is a plus).
  • Extensive knowledge and hands-on experience in security risk management and relevant frameworks—along with familiarity with regulatory compliance standards such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, CCSS, and NIST 800-171 CSF—will be a significant advantage.
  • Analytical thinker who is highly organized and detail-oriented
  • Excellent written and verbal communication skills, with the ability to clearly convey information and secure alignment across all organizational levels—engaging effectively with internal stakeholders, regulators, customers, and other external parties.

Preferred Qualifications:

  • Experience with or understanding of the financial/blockchain/crypto/FinTech industry, including an understanding of cybersecurity regulations, e.g. NYDFS (New York Department of Financial Services), MAS, HKMA, Reserve Bank of Australia, the Reserve Bank of New Zealand, DORA, and MiCA, will be a huge plus.
  • Experience at a Big 4 company as a senior security and audit consultant is preferred.

It is not typical for a candidate to be hired at or near the top of the pay range and each compensation decision is dependent on each individual case. A reasonable base salary range estimate for this position is $140,000 to $188,000. The base salary is one component of the total compensation package, which for some roles may include a target bonus, a very competitive equity grant, and very generous benefits. 

While we believe competitive compensation is a critical aspect of you deciding to join us, we do hope you also spend time considering why our mission and culture are right for you. We are creating something transformational here, and we hope you are as excited about the future as we are.

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

Please see our candidate privacy policy here.
Category: Compliance Jobs

Tags: Audits AWS Azure Blockchain CCSK CISA CISM CISO CISSP Cloud Compliance CRISC Crypto GCP Governance ISO 27001 NIST Privacy Risk assessment Risk management SOC SOC 2

Perks/benefits: Competitive pay Equity / stock options Salary bonus

Region: North America
Country: United States
