Senior Security Compliance Manager
FalconX
Who are we?
FalconX is the most advanced digital asset platform for institutions. We provide trade execution, credit & treasury management, prime offering and market making services. Given our global operations, industry-leading technology and deep liquidity, we have facilitated client transactions of $1 trillion in volume. Our products & services are regulated, compliant and trusted.
We are a team of engineers, product builders, institutional sales and trading leaders, operations experts, and business strategists. Our teammates have entrepreneurial experience and come from companies such as Google, Apple, Paypal, Citadel, Bridgewater, and Goldman Sachs. And, we embody our values: Think big; Drive bold outcomes; Be one team; Iterate with speed; and be an entrepreneur.
We prioritize learning. Outcomes are mission-critical, but we also believe that learning in success and in failure will drive our continued success. Our industry is emergent - there’s no shortage of experiments to get involved with and to continue growing and learning together.
Qualifications
- BS or MS degree in Computer Information Systems or related field
- 7+ years of experience with security GRC initiatives
- Candidate must be able to assimilate knowledge quickly, understand stakeholder’s business challenges/risks, and act as a trusted advisor to lead change, policy adoption, and monitor compliance against policies and standards
- Experience with onboarding and monitoring cybersecurity controls in cloud environments
- Experience managing SOC2, ISO, PCI DSS, or other compliance standards and framework programs
- Strong knowledge of security risk management and running audits/certification programs
- Have knowledge of NIST 800-53/800-37, NIST CSF, SOC 2, PCI, and/or ISO 27001 standards, integrated controls framework, and evaluating design and effectiveness of IT controls working directly with auditors, regulators, investors
- Experience defining compliance roadmaps based on customer requirements, compliance documentation, and ensuring that committed assessments are delivered on schedule
- Experience with GRC tool implementation
- CISA, CISSP, PCI QSA, AWS certifications) or equivalent expertise
- Technical fluency: comfortable understanding and discussing technology concepts, experience evaluating tradeoffs and new opportunities with technical team members
Responsibilities
- The Governance, Risk, and Compliance (GRC) team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, inbound and outbound due diligence, third-party risk management, security awareness, policy and procedures, and more
- Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision-making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy
- We are seeking an experienced Security Compliance lead responsible for monitoring and governing security controls in the cloud based on regulatory/compliance requirements and industry standards
- Oversee audit and governance management: optimize year-round compliance, audit, and regulatory efforts for Falconx and subsidiaries
- Build and maintain an integrated cybersecurity controls framework
- Monitor and report on compliance against Information Security policies and standards
- Maintain security compliance programs within a GRC or compliance automation solution
- Facilitate governance and track remediation within SLAs for vulnerabilities, gaps, and control deficiencies and work with business stakeholders to establish plans for sustainable resolution
- Define and execute existing or new compliance initiatives (i.e, SOC2, PCI, FFIEC CAT, NIST CSF, DORA etc)
- Work independently to conduct compliance quantitative assessments from beginning to end with minimal supervision, manage key stakeholder relationships
- Identify the root cause of control gaps and exceptions and suggest remediation steps
- Maintain a cybersecurity risk register.
- Prioritize and drive cross-functional remediation efforts for identified gaps based on risk impact and criticality.
- Compile and present compliance posture via metrics and dashboards.
Base pay for this role is expected to be between $195,000 and $250,000 USD. This expected base pay range is based on information at the time this post was generated. This role will also be eligible for other forms of compensation such as a performance linked bonus, equity, and a competitive benefits package. Actual compensation for a successful candidate will be determined based on a number of factors such as skillset, experience, and qualifications.
Notice at Collection and Privacy Policy
Applicants located in California and/or applying to a role based in California, please refer to our Notice at Collection and Privacy Policy here.
Inclusivity Statement
FalconX is committed to building a diverse, inclusive, equitable, and safe workspace for all people. Our roles are intended for people from all walks of life. We encourage all those interested in applying to our organization to submit an application regardless if you are missing some of the listed background requirements, skills, or experiences!
As part of our commitment to inclusivity, FalconX would like to acknowledge that the EEOC survey has limited potential responses that you can select. For legal reasons, FalconX must use this language to align with federal requirements, however, we want to ensure that you are able to provide a response to our own voluntary survey questions about your identity that best aligns with your most true self.
FalconX is an equal opportunity employer and will not discriminate against an applicant or employee based on race, color, religion, national origin, ancestry, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, veteran or military status, genetic information, citizenship, or any other legally-recognized protected basis under federal, state, or local law.
Applicants with disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and other applicable state or local laws. A reasonable accommodation is a change in the way things are normally done which will ensure an equal employment opportunity without imposing undue hardship on FalconX. Please inform FalconX’s People team at recruiting@falconx.io, if you need assistance with participating in the application process.