Senior Director of Governance, Risk and Compliance

As the Senior Director of GRC, you will define and lead Ripple's Governance, Risk & Compliance strategy. This is a high-impact leadership role at the nexus of security, regulatory compliance, and business strategy in one of the most multifaceted sectors in FinTech. You will build a unified, engineering-first GRC function that spans a diverse and growing team and be the authoritative voice on compliance, risk posture, and governance maturity to senior leadership, regulators, and partners worldwide.

• →Set the strategic vision and multi-year roadmap for GRC, ensuring programs scale with Ripple's growth and evolving regulatory landscape.
• →Pioneer the use of AI and automation across the GRC function, from continuous control monitoring and automated evidence collection to AI-assisted risk assessments and policy management, reducing manual overhead, accelerating audit readiness, and shifting the program from reactive compliance to predictive risk intelligence.
• →Lead, mentor, and grow a team of GRC Program Managers and Engineers, fostering a culture of rigorous thinking, continuous improvement, and cross-functional collaboration.
• →Design and operate an integrated GRC program spanning Enterprise Risk Management (ERM), Compliance, BCDR, and Internal Audit, with a strong emphasis on data sharing and cross-functional alignment.
• →Own and advance Ripple's regulatory compliance posture across global jurisdictions, including NYDFS, MAS, DFSA, CBI, FSA, DORA, CSSF, GDPR, LGPD, and NIST.
• →Drive and maintain SOC 2 Type II and ISO 27001 certifications across product suites, and provide IT General Controls (ITGC) support for SOX/SOC1 and financial audits.
• →Build and operate a proactive risk management program that continuously aligns InfoSec risks with organizational objectives and drives accountability across engineering and product teams.
• →Lead the Third-Party Risk Management program, setting the standard for vendor security evaluation and supply chain risk at scale.
• →Own the Customer Security Assurance Program, ensuring enterprise customers and partners have clear, confident visibility into Ripple's security posture.
• →Drive a security-first culture by building awareness and training programs that turn every employee into an active line of defense across asset protection, data stewardship, and emerging threat landscapes.
• →Serve as a key executive voice in communicating risk posture, program maturity, and compliance status to the CISO, Board, and external regulators.

• 15+ years of experience in information security GRC, with at least 5+ years in a senior leadership role, preferably in crypto, blockchain, or FinTech.
• Demonstrated success building and scaling GRC programs from the ground up in a high-growth or M&A environment. Experience integrating an acquired entity's security function serves as a significant differentiator.
• Deep expertise in global regulatory frameworks, including NYDFS, MAS, DFSA, DORA, GDPR, SOC 2, ISO 27001, NIST CSF, and SOX/ITGC.
• Proven experience leading cross-functional GRC programs that span InfoSec, ERM, Compliance, BCDR, and Internal Audit with a data-driven, systems-first mindset.
• Strong track record of building automated, self-service evidence collection and audit readiness programs that reduce engineering drag.
• Experience operating a Third-Party Risk Management program at scale, with hands-on knowledge of vendor security assessments and supply chain risk.
• Hands-on experience with GRC platforms and comfort driving tooling strategy.
• Executive-level communication skills, the ability to translate complex risk and compliance concepts into clear, actionable narratives for Board members, regulators, and technical teams alike.
• Experience with crypto, digital asset, or stablecoin compliance (e.g., SOX attestation for stablecoin reserves, digital asset risk frameworks) is a strong plus.
• Demonstrated ability to lead and develop geographically distributed, cross-functional teams through periods of change and organizational growth.
• A builder's mindset: you are drawn to ambiguity, energized by building structure where none exists, and motivated by measurable outcomes.

Do Your Best Work

• The opportunity to build in a fast-paced start-up environment with experienced industry leaders
• A learning environment where you can dive deep into the latest technologies and make an impact.  A professional development budget to support other modes of learning.
• Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
• In-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which 10+ days a month they come in. 
• Bi-weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
• We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!

Take Control of Your Finances

• Competitive salary, bonuses, and equity
• Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
• Employee giving match
• Mobile phone stipend

Take Care of Yourself

• R&R days so you can rest and recharge
• Generous wellness reimbursement and weekly onsite & virtual programming
• Generous vacation policy - work with your manager to take time off when you need it
• Industry-leading parental leave policies. Family planning benefits.
• Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events

Benefits listed above are for full-time employees.