Information Technology Governance, Risk & Compliance Specialist (Fintech / Cryptocurrency) at an American Based Company - Black Pen Recruitment

Black Pen Recruitment - Our client is an American based company that is expanding globally by being one of the first movers to bring cryptocurrency to Africa and the Middle East at large. Their mission is to make cryptocurrency/blockchain and other FinTech services more accessible, and affordable, than ever before. Our client’s vision strives to form a committed team of forward-thinkers who collectively create a supportive, welcoming and highly innovative environment for all. 

They are recruiting to fill the position below:

Job Title: Information Technology Governance, Risk & Compliance Specialist (Fintech / Cryptocurrency)

Location: Remote
Employment Type: Full-time

Job Description

• Work is typically performed under minimal to no supervision, with only guidance about overall goals and objectives.
• Must be able to prioritize work based on evaluation of short term and long-term goals of the department and team.
• Able to independently evaluate processes, identify areas of improvement, and incorporate into overall work objectives.

Duties

• Coordinate the development of best practice policies and standards based on various governance frameworks. 
• Ensure all IT controls are documented and assigned control owners to establish accountability. 
• Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives. 
• Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments 
• Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC, ISO, NIST, etc.). 
• Monitoring IT controls across the organization. 
• Collaborate effectively, adapt the process, risk, control framework, map organizational controls and establish the accountability and ownership for IT risk management and control activities. 
• Assist in the validation of IT control alignment to various industry standards, framework, and requirements (e.g., COBIT, SOC, ISO, NIST, etc). 
• Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units. 
• Support IT GRC capabilities such as enterprise security risk management compliance 
• Policy creation, updates, and overall management and organization of shared documentation 
• Control Self Assessments and Control Gap Analysis 
• Third party risk management and reporting 
• Maintaining a Risk Register 
• Documenting and evaluating policy exception requests 
• Responsible for developing and deriving KPIs from a controls baseline 
• Overall analytics of the GRC program and creation and distribution of reporting metrics / dash boarding where appropriate 
• Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program. 
• Remediation and risk mitigation planning, implementation, and oversight.
• Creation, documentation and maintenance of governance processes to oversee IT GRC programs 
• GRC policy enforcement across the enterprise. 
• Education of Governance principles, policies, and standards enterprise wide. 
• Manage, monitor, and ensure timely updates to planned remediation efforts 
• Interact with the AppSec team to assist in scheduling and testing of third-party pen tests. 
• ​Client Security Reviews and inquiries.

Requirements

• Bachelor’s Degree in a discipline related to functional work or role 
• 7+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution. 
• Experience working in an IT Governance, Risk and Compliance role 
• Working knowledge of: SOC 2, ISO 27001, NIST CSF 
• Experience in leading ISO 27001 and SOC 2 audits
• Experience managing Vendor / 3rd party Risk assessments
• Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks. 
• Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls. 
• Experience with SOC 2 audits and ISO 27001 Certification 
• Very strong communication (verbal and written) skills and the ability to present with clarity
• Some experience with project management (for example: planning, organizing, and managing resources to bring about the effective completion of specific project goals and objectives) is helpful. 
• Industry recognized certifications such as CISSP, CISM, CRISC, CISA, or equivalent.

Application Closing Date
Not Specified.

Method of Application
Interested and qualified candidates should:
Click here to apply online