Senior Security Compliance Manager

FalconX

💵 $233k-$335k
📍 Remote - United States

Summary

Join FalconX, a rapidly growing FinTech startup revolutionizing prime brokerage for institutional digital asset traders. As a Senior Security Compliance Manager, you will play a crucial role in setting the strategic direction of risk management and technical compliance programs, focusing on SOC2, SOC1, and other cybersecurity certifications. You will conduct cybersecurity risk assessments, collaborate with risk owners, and ensure compliance with relevant security frameworks. This position requires a strong background in security GRC, IT audit, and cybersecurity risk management, along with excellent communication and collaboration skills. FalconX offers a competitive salary, performance-linked bonuses, equity, and a comprehensive benefits package. The company fosters a fast-paced, data-driven, and learning-oriented environment.

Requirements

  • Undergraduate degree in computer science or equivalent
  • At least seven years of security GRC risk experience, with a strong focus on IT audit, cybersecurity risk management, ITGC control management, and testing to meet SOC1, SOC2, and ISO27001 certifications at a minimum
  • Familiarity with implementing the NIST Cybersecurity Framework and other relevant security frameworks
  • The ability to work with a team to accomplish organizational goals and the flexibility to shift seamlessly across various Security Compliance subject matter areas, including third-party risk management and customer trust
  • Outstanding communication skills with various stakeholders, including engineering, finance, legal, and auditors
  • Ability to navigate successfully through various internal departments and functional groups
  • Must be able to build and foster strong partnerships with business, corporate teams, and service providers
  • 7+ years of progressive experience in a fast-growing company, public accounting, or tech consulting firm serving as IT audit leader or Security GRC leader
  • Demonstrated thorough knowledge of internal audit principles, best practices, and procedures and their application to security compliance
  • Proven strength with process change and continuous improvement
  • Proven ability to conduct risk assessments (SOC2, PCI, ISO27001, NIST CSF)
  • Strong technical acumen, fluent in the modern SSDLC and its components, including CI/CD pipelines and tools like GitHub, Jenkins, etc.
  • Experience partnering with technical teams, i.e., developers and engineering teams, and translating regulatory requirements to these stakeholders

Responsibilities

  • Set the strategic direction of the Risk Management and Technical Compliance programs focusing on SOC2, SOC1, and other cybersecurity certifications
  • Assist in conducting an independent assessment of cybersecurity risk and provide reporting and insight to the company's Senior Leadership Team
  • Collaborate with risk owners to identify emerging cybersecurity risks, maintain a robust risk register, and document risk plan mitigations as part of maturing a cybersecurity risk management program

Preferred Qualifications

Experience in high growth/dynamic/fluid industries or companies

Benefits

  • Base pay between $233,000 - $335,000 USD for New York City and San Francisco Bay Area
  • Performance linked bonus
  • Equity
  • Competitive benefits package
