About The Position

At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs. If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.

As the Senior Director of GRC, you will define and lead Ripple's Governance, Risk & Compliance strategy. This is a high-impact leadership role at the nexus of security, regulatory compliance, and business strategy in one of the most multifaceted sectors in FinTech. You will build a unified, engineering-first GRC function that spans a diverse and growing team and be the authoritative voice on compliance, risk posture, and governance maturity to senior leadership, regulators, and partners worldwide.

Requirements

  • 15+ years of experience in information security GRC, with at least 5+ years in a senior leadership role, preferably in crypto, blockchain, or FinTech.
  • Demonstrated success building and scaling GRC programs from the ground up in a high-growth or M&A environment.
  • Experience integrating an acquired entity's security function serves as a significant differentiator.
  • Deep expertise in global regulatory frameworks, including NYDFS, MAS, DFSA, DORA, GDPR, SOC 2, ISO 27001, NIST CSF, and SOX/ITGC.
  • Proven experience leading cross-functional GRC programs that span InfoSec, ERM, Compliance, BCDR, and Internal Audit with a data-driven, systems-first mindset.
  • Strong track record of building automated, self-service evidence collection and audit readiness programs that reduce engineering drag.
  • Experience operating a Third-Party Risk Management program at scale, with hands-on knowledge of vendor security assessments and supply chain risk.
  • Hands-on experience with GRC platforms and comfort driving tooling strategy.
  • Executive-level communication skills: the ability to translate complex risk and compliance concepts into clear, actionable narratives for Board members, regulators, and technical teams alike.
  • Demonstrated ability to lead and develop geographically distributed, cross-functional teams through periods of change and organizational growth.
  • A builder's mindset: you are drawn to ambiguity, energized by building structure where none exists, and motivated by measurable outcomes.

Nice To Haves

  • Experience with crypto, digital asset, or stablecoin compliance (e.g., SOX attestation for stablecoin reserves, digital asset risk frameworks) is a strong plus.

Responsibilities

  • Set the strategic vision and multi-year roadmap for GRC, ensuring programs scale with Ripple's growth and evolving regulatory landscape.
  • Pioneer the use of AI and automation across the GRC function, from continuous control monitoring and automated evidence collection to AI-assisted risk assessments and policy management, reducing manual overhead, accelerating audit readiness, and shifting the program from reactive compliance to predictive risk intelligence.
  • Lead, mentor, and grow a team of GRC Program Managers and Engineers, fostering a culture of rigorous thinking, continuous improvement, and cross-functional collaboration.
  • Design and operate an integrated GRC program spanning Enterprise Risk Management (ERM), Compliance, BCDR, and Internal Audit, with a strong emphasis on data sharing and cross-functional alignment.
  • Own and advance Ripple's regulatory compliance posture across global jurisdictions, including NYDFS, MAS, DFSA, CBI, FSA, DORA, CSSF, GDPR, LGPD, and NIST.
  • Drive and maintain SOC 2 Type II and ISO 27001 certifications across product suites, and provide IT General Controls (ITGC) support for SOX/SOC1 and financial audits.
  • Build and operate a proactive risk management program that continuously aligns InfoSec risks with organizational objectives and drives accountability across engineering and product teams.
  • Lead the Third-Party Risk Management program, setting the standard for vendor security evaluation and supply chain risk at scale.
  • Own the Customer Security Assurance Program, ensuring enterprise customers and partners have clear, confident visibility into Ripple's security posture.
  • Drive a security-first culture by building awareness and training programs that turn every employee into an active line of defense across asset protection, data stewardship, and emerging threat landscapes.
  • Serve as a key executive voice in communicating risk posture, program maturity, and compliance status to the CISO, Board, and external regulators.