Grc Expert- Singapore

The Governance, Risk, and Compliance expert is responsible for the assessing and documenting of Fireblocks’s compliance and risk posture.

Fireblocks Security, Governance, Risk, and Compliance (GRC) expert is responsible among others for ensuring Fireblocks leadership has the information needed to make strategic risk-based decisions enabling the achievement of Fireblocks business objectives globally. The GRC expert will deploy common governance, risk, and compliance processes, controls, conducts audits, documents, and ensures that technologies, business operations are structured and configured as well for data protection & compliance.

**Requirements**:
**About the Role**:

- Support the Sales effort and participating with prospects DD process
- Internal & External Security Audits
- Security Compliance, Vulnerability management, Third Party Risk Management Services
- IT and Cyber Security Strategy and projects
- Policy and Procedures Management
- Metrics, KRI’s, KPIs and Dashboard reporting

The GRC expert position will report to the GRC manager and be the key contact for the CISO/CIO office for supporting GRC functions in the APAC region primarily, along with supporting other regions as well. The GRC function will ensure an understanding of local/regional laws and regulations that need to be followed and addressed appropriately.

Furthermore, the role includes the following responsibilities:

- Security reviews, Compliance, Policies, Controls, Audits, Global/Regional Regulations, SLT meetings reviews and presentations, etc.
- Manage the GRC tool with updated IT and Cyber security risk register, controls, gaps, remediation and reporting. Coordinate and track all information technology and security related audits.
- GRC capability areas such as security risk management, compliance management with the changing APAC laws and applicable regulations, policy management, awareness & training.
- Support GRC team to provide training and mentoring employees, if needed.
- Work closely with other team SMEs supporting the business to provide guidance to drive towards a cohesive view of security risk and drive open remediation items to closure
- Responsible for periodic review of the compliance with Fireblocks security policies and procedures among employees, contractors and other third parties and co-ordinate with relevant stakeholders to ensure that compliance requirements are met
- Maintain up-to-date knowledge in GRC areas to be able to advise clients
- Plan and co-ordinate for implementation of information security controls based among others on ISO 27001, ISO 27017, CCSS,, SOC 2, CIS Benchmark, NIST CSF etc.

**Preferred**:

- 7+ years experience preferred in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results.
- Advantage: Experienced with financial/Blockchain/crypto/Fintechs industry including understanding Cyber Security regulations.
- Strong knowledge of Public Cloud Service Providers (AWS, Azure, GCP), specifically the types of services offered and industry-standard internal controls and best practices for configuring and managing these services **(Any cloud certification is a plus).**:

- Relevant BA/BS degree and/or certifications (e.g, CRISC, CISSP, CCIE, CISM, CISA, CCSK)
- Strong knowledge of and experience in security risk management and with frameworks including related regulatory compliance requirements (e.g. SOC2 Type 2, ISO 27001,ISO 27017, ISO 27018, CCSS, NIST 800-171 CSF, etc) will be a huge plus
- Analytical thinker who is highly organized and pays close attention to detail.
- Strong written and verbal communication skills; ability to effectively communicate and obtain buy-in at all levels of the organization and with internal stakeholders across the business.
- Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations;
- Understanding on reviewing of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.