Description
We are seeking a seasoned and strategic GRC Manager to spearhead our risk management function. In this pivotal role, you will leverage your extensive 12+ years of hands-on experience and engineering background to build and mature a robust, risk-centric GRC program. You will be responsible for designing, implementing, and continuously improving our risk management framework, focusing on the unique technological and operational challenges of the Fintech landscape. This is a leadership position that requires deep collaboration with engineering and product teams to embed security-by-design principles throughout the development lifecycle. You will define our enterprise risk appetite, develop and monitor key risk indicators, and provide clear, actionable insights to executive leadership and the Board. Your expertise will be crucial in leading quantitative risk analysis and managing the response to significant incidents, ensuring the resilience and integrity of our platform. This role is ideal for a technical leader passionate about building a proactive, data-driven risk culture.
Requirements
1. Bachelor's degree or higher in Engineering, Computer Science, or a related technical field.
2. A minimum of 12 years of progressive, hands-on experience in technology risk management, cybersecurity, or GRC.
3. Demonstrated experience in designing, implementing, and managing risk management frameworks (e.g., COSO, ISO 31000, NIST RMF).
4. Proven experience within the Fintech, banking, or financial services industry, with a deep understanding of its specific risk profile.
5. Strong background in collaborating with engineering and product teams to integrate risk controls into the SDLC (Software Development Lifecycle).
6. Expertise in quantitative risk analysis methodologies and modeling (e.g., FAIR, Monte Carlo simulations).
7. Experience leading incident response and crisis management for significant technology or security events.
8. Proven ability to define risk appetite and present complex risk topics to executive leadership and board-level stakeholders.
Desirable
1. Professional certifications such as CRISC, CISM, CISSP, or CGEIT.
2. Experience with GRC automation platforms (e.g., ServiceNow GRC, Archer, LogicGate).
3. In-depth knowledge of cloud security principles and risk management for IaaS/PaaS/SaaS environments (AWS, Azure, GCP).
4. Familiarity with key regulations and standards impacting Fintech, such as PCI-DSS, GDPR, and SOX.
5. Hands-on experience with security architecture and secure coding practices.