OUR VISION
In the new and exciting world of the decentralized internet, otherwise known as Web3, it is an individual’s fundamental right to own and control their digital identity. To ensure that the individual is paramount in Web3, we are developing a suite of applications to enable everyone to safely engage, take part, and transact in the emerging, decentralized world of the internet. Our platform centers on Web3 Identity and leverages that identity to provide individuals with secure digital asset storage and recovery, access to decentralized finance, the ability to prove ownership of their creations, and gateways to digital interactions and experiences – all to empower and benefit every Web3 user.
We believe that the decentralized nature of Web3 creates an opportunity for everyone to challenge the digital status quo—to own and control their identity, data, finances, creations, and future. This is the chance to get it right – to rally a movement of individuals so Web3 belongs to everyone, not to trillion-dollar companies. To fulfill this vision, we are seeking dynamic people who want to join us in leading the way to this new world.
WHAT YOU WILL DO
As a key member of the Governance, Risk and Compliance (GRC) team, the Manager of GRC Platform & Projects will be critical to the buildout of the function with cross-organizational impact. With initial focus on Technology and Converged (digital and physical) security, the successful candidate will manage the GRC platform and advance diverse projects.
Manage variety of day-to-day GRC activities
- Facilitate data acquisition or analysis in TPRM cases or ITRM initiatives
- Support day-to-day initiatives across governance, risk and compliance as structured or periodically assigned
- Serve as tactical point of contact for professional functions (as summarized in next section) as a clearinghouse of current information and catalyst for internal alignment
Manage GRC platform integrity, function and refinement
- Maintain data integrity and completeness of records, improve configuration(s) and function(s), research new features and, as directed, implement them, and refine reporting
- Grow first-year focus from ITRM (40%), TPRM (35%) and IRM/ERM (25%) to, respectively: 20%, 25% and 55% as such growth will drive indicated maturation
- Drive design and build of GRC SaaS platform as enterprise CMDB for AI/ML-driven risk analysis across asset types and for robust reporting
Manage GRC projects solving for communication, coordination
- Cross-functional projects might pivot on security, compliance or risk initiatives and the expectation would be effortlessly achieved alignment and impact
- Internal projects might entail drafting policies or procedures, both for GRC operations or of cross-functional scope, heavily focused on governance
- Projects focused on risk (stochastic analysis, for example) or compliance (research “best practices”-based approaches to initiatives recommended by counsel) will be numerous
Provided that the day-to-day and platform rudiments of this role are mastered, and in short order, growth potential in terms of GRC projects – by type, role, scope, volume – would be welcome.
WHAT YOU WILL NEED TO SUCCEED
Essential to success in this role is an uncommon mix of attributes: fact-based, logical, analytical; self-directed technical savvy across SaaS and on-prem platforms, integrating and leveraging disparate data sources; ability to capture, assess and distill large amounts of information and to summarize their scope and significance; intuitive sense with capacity to form, test, affirm or deny hypotheses; exemplary interpersonal skills, effortless interaction and native partnering with different personality types across professional functions – business, legal, IT, cybersecurity, product design, application development to name a few – both inside and outside the organization; effective at getting things done under occasionally tight timeframes, with minimal supervision and a robust sense of humor.
YOUR EDUCATION AND EXPERIENCE
- Governance: at least four years of experiential knowledge of IT and cybersecurity or enterprise governance provisions, no fewer than two of which have included drafting, for example, policies, plans, standards and protocols, processes and procedures, playbooks and the like.
- Risk: no less than three years working with authoritative standards for IT and cybersecurity risk and controls, including NIST CSF, SP 800-53 r5 and 800-37 r2 or ISO 27000 Series and 31000:2018. Knowledge of assessment and independent validation best practices for the foregoing standards as well as for SOC2 Type 2 would prove valuable.
- Compliance: three years or more of experience applying cross-jurisdictional Privacy regulations, such as GDPR, CCPA and NYDFS (bonus points for exposure to others, such as AML/CFT, by diverse regulators: FinCEN, OFAC, EU, Fed/FDIC/OCC).
- Knowledge of or experience with GRC program building, SaaS-based management platforms and cross-functional project management would prove invaluable.
Blockchains, Inc. (“Blockchains”) is proud to be a diverse workforce, and we are committed to inclusion and diversity to ensure equal opportunity for all applicants. Blockchains provides equal employment opportunities to all employees and applicants regardless of race, color, religion, sex, sexual orientation, gender identity and/or expression, national origin, age, marital status, physical or mental disability, veteran status, or any other characteristic protected by federal, state, or local laws.
When you apply to a job on this site, the personal data contained in your application will be collected by Blockchains, Inc. (“Controller”), which is located at 610 Waltham Way, Sparks, NV 89437 and can be contacted by emailing privacy@blockchains.com. Controller’s data protection officer is Edward O'Connor, who can be contacted at privacy@blockchains.com. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment.
Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. Because the European Union Commission has determined that United States data privacy laws do not ensure an adequate level of protection for personal data collected from EU data subjects, the transfer will be subject to appropriate additional safeguards under [either the standard contractual clauses or the Privacy Shield]. You can obtain a copy of the standard contractual clauses by contacting us at privacy@blockchains.com.
Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the GDPR, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted. You also have to right to data portability. In addition, you may lodge a complaint with an EU supervisory authority.