Senior Director of Governance, Risk and Compliance
At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs.
If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value.
THE WORK:
As the Senior Director of GRC, you will define and lead Ripple’s Governance, Risk and Compliance strategy. This is a high-impact leadership role at the nexus of security, regulatory compliance, and business strategy in one of the most multifaceted sectors in FinTech. You will build a unified, engineering-first GRC function that spans a diverse and growing team and be the authoritative voice on compliance, risk posture, and governance maturity to senior leadership, regulators, and partners worldwide.
WHAT YOU’LL DO:
Set the strategic vision and multi-year roadmap for GRC, ensuring programs scale with Ripple’s growth and evolving regulatory landscape.
Pioneer the use of AI and automation across the GRC function, from continuous control monitoring and automated evidence collection to AI-assisted risk assessments and policy management, reducing manual overhead, accelerating audit readiness, and shifting the program from reactive compliance to predictive risk intelligence.
Lead, mentor, and grow a team of GRC Program Managers and Engineers, fostering a culture of rigorous thinking, continuous improvement, and cross-functional collaboration.
Design and operate an integrated GRC program spanning Enterprise Risk Management (ERM), Compliance, BCDR, and Internal Audit, with a strong emphasis on data sharing and cross-functional alignment.
Own and advance Ripple’s regulatory compliance posture across global jurisdictions, including NYDFS, MAS, DFSA, CBI, FSA, DORA, CSSF, GDPR, LGPD, and NIST.
Drive and maintain SOC 2 Type II and ISO 27001 certifications across product suites, and provide IT General Controls (ITGC) support for SOX/SOC1 and financial audits.
Build and operate a proactive risk management program that continuously aligns InfoSec risks with organizational objectives and drives accountability across engineering and product teams.
Lead the Third-Party Risk Management program, setting the standard for vendor security evaluation and supply chain risk at scale.
Own the Customer Security Assurance Program, ensuring enterprise customers and partners have clear, confident visibility into Ripple’s security posture.
Drive a security-first culture by building awareness and training programs that turn every employee into an active line of defense across asset protection, data stewardship, and emerging threat landscapes.
Serve as a key executive voice in communicating risk posture, program maturity, and compliance status to the CISO, Board, and external regulators.
WHAT YOU’LL BRING:
15+ years of experience in information security GRC, with at least 5+ years in a senior leadership role, preferably in crypto, blockchain, or FinTech.
Demonstrated success building and scaling GRC programs from the ground up in a high-growth or M&A environment. Experience integrating an acquired entity’s security function serves as a significant differentiator.
Deep expertise in global regulatory frameworks, including NYDFS, MAS, DFSA, DORA, GDPR, SOC 2, ISO 27001, NIST CSF, and SOX/ITGC.
Proven experience leading cross-functional GRC programs that span InfoSec, ERM, Compliance, BCDR, and Internal Audit with a data-driven, systems-first mindset.
Strong track record of building automated, self-service evidence collection and audit readiness programs that reduce engineering drag.
Experience operating a Third-Party Risk Management program at scale, with hands-on knowledge of vendor security assessments and supply chain risk.
Hands-on experience with GRC platforms and comfort driving tooling strategy.
Executive-level communication skills, the ability to translate complex risk and compliance concepts into clear, actionable narratives for Board members, regulators, and technical teams alike.
Experience with crypto, digital asset, or stablecoin compliance (e.g., SOX attestation for stablecoin reserves, digital asset risk frameworks) is a strong plus.
Demonstrated ability to lead and develop geographically distributed, cross-functional teams through periods of change and organizational growth.
A builder’s mindset: you are drawn to ambiguity, energized by building structure where none exists, and motivated by measurable outcomes.
For positions that will be based in CA, the annual salary range for this position is below. Actual salaries may vary based on numerous factors including, among other things, an individual applicant’s experience and qualifications for the position. This range does not include equity or additional compensation, such as bonuses or commissions.
CA Annual Base Salary Range
$300,000 - $360,000 USD
WHO WE ARE:
Do Your Best Work
The opportunity to build in a fast-paced start-up environment with experienced industry leaders
A learning environment where you can dive deep into the latest technologies and make an impact. A professional development budget to support other modes of learning.
Thrive in an environment where no matter what race, ethnicity, gender, origin, or culture they identify with, every employee is a respected, valued, and empowered part of the team.
In-office collaboration for moments that matter is important to our culture, and we give managers and teams the flexibility to decide which 10+ days a month they come in.
Bi-weekly all-company meeting - business updates and ask me anything style discussion with our Leadership Team
We come together for moments that matter which include team offsites, team bonding activities, happy hours and more!
Take Control of Your Finances
Competitive salary, bonuses, and equity
Competitive benefits that cover physical and mental healthcare, retirement, family forming, and family support
Employee giving match
Mobile phone stipend
Take Care of Yourself
R&R days so you can rest and recharge
Generous wellness reimbursement and weekly onsite and virtual programming
Generous vacation policy - work with your manager to take time off when you need it
Industry-leading parental leave policies. Family planning benefits.
Catered lunches, fully-stocked kitchens with premium snacks/beverages, and plenty of fun events
Benefits listed above are for full-time employees.
Ripple is an Equal Opportunity Employer. We’re committed to building a diverse and inclusive team. We do not discriminate against qualified employees or applicants because of race, color, religion, gender identity, sex, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by local law or ordinance.
Please find our UK/EU Applicant Privacy Notice and our California Applicant Privacy Notice for reference.