Senior Director of Governance, Risk and Compliance

At Ripple, we’re building a world where value moves like information does today. It’s big, it’s bold, and we’re already doing it. Through our crypto solutions for financial institutions, businesses, governments and developers, we are improving the global financial system and creating greater economic fairness and opportunity for more people, in more places around the world. And we get to do the best work of our career and grow our skills surrounded by colleagues who have our backs. If you’re ready to see your impact and unlock incredible career growth opportunities, join us, and build real world value. THE WORK: As the Senior Director of GRC, you will define and lead Ripple's Governance, Risk Compliance strategy. This is a high-impact leadership role at the nexus of security, regulatory compliance, and business strategy in one of the most multifaceted sectors in FinTech. You will build a unified, engineering-first GRC function that spans a diverse and growing team and be the authoritative voice on compliance, risk posture, and governance maturity to senior leadership, regulators, and partners worldwide. WHAT YOU'LL DO: Set the strategic vision and multi-year roadmap for GRC, ensuring programs scale with Ripple's growth and evolving regulatory landscape. Pioneer the use of AI and automation across the GRC function, from continuous control monitoring and automated evidence collection to AI-assisted risk assessments and policy management, reducing manual overhead, accelerating audit readiness, and shifting the program from reactive compliance to predictive risk intelligence. Lead, mentor, and grow a team of GRC Program Managers and Engineers, fostering a culture of rigorous thinking, continuous improvement, and cross-functional collaboration. Design and operate an integrated GRC program spanning Enterprise Risk Management (ERM), Compliance, BCDR, and Internal Audit, with a strong emphasis on data sharing and cross-functional alignment. Own and advance Ripple's regulatory compliance posture across global jurisdictions, including NYDFS, MAS, DFSA, CBI, FSA, DORA, CSSF, GDPR, LGPD, and NIST. Drive and maintain SOC 2 Type II and ISO 27001 certifications across product suites, and provide IT General Controls (ITGC) support for SOX/SOC1 and financial audits. Build and operate a proactive risk management program that continuously aligns InfoSec risks with organizational objectives and drives accountability across engineering and product teams. Lead the Third-Party Risk Management program, setting the standard for vendor security evaluation and supply chain risk at scale. Own the Customer Security Assurance Program, ensuring enterprise customers and partners have clear, confident visibility into Ripple's security posture. Drive a security-first culture by building awareness and training programs that turn every employee into an active line of defense across asset protection, data stewardship, and emerging threat landscapes. Serve as a key executive voice in communicating risk posture, program maturity, and compliance status to the CISO, Board, and external regulators. WHAT YOU'LL BRING: 15+ years of experience in information security GRC, with at least 5+ years in a senior leadership role, preferably in crypto, blockchain, or FinTech. Demonstrated success building and scaling GRC programs from the ground up in a high-growth or MA environment. Experience integrating an acquired entity's security function serves as a significant differentiator. Deep expertise in global regulatory frameworks, including NYDFS, MAS, DFSA, DORA, GDPR, SOC 2, ISO 27001, NIST CSF, and SOX/ITGC. Proven experience leading cross-functional GRC programs that span InfoSec, ERM, Compliance, BCDR, and Internal Audit with a data-driven, systems-first mindset. Strong track record of building automated, self-service evidence collection and audit readiness programs that reduce engineering drag. Experience operating a Third-Party Risk Management progra ... (truncated, view full listing at source)