Senior Grc Program Manager

Ripple Ripple · Fintech · Luxembourg, Luxembourg · Engineering

This role focuses on governance, risk, and compliance (GRC) within Ripple's Luxembourg entity, ensuring operational execution and adherence to EU/Luxembourg security frameworks like DORA. It involves managing outsourced ICT services, coordinating technical security controls, collaborating with global teams, and providing operational guidance for product security and customer trust in the digital asset space.

What you'd actually do

  1. Ensure the operational implementation and maintenance of EU / Luxembourg security frameworks, including the Digital Operational Resilience Act (DORA) and supporting technical standards.
  2. Own the day-to-day management and operational oversight of outsourced ICT and security services (provided by related entities within the Ripple Group or third parties), ensuring service delivery meets local regulatory standards and SLAs.
  3. Effectively engage with global Engineering and IT teams to track and evaluate future infrastructure, application, and architectural changes, ensuring they are designed with operational resilience and regional compliance in mind.
  4. Coordinate the implementation of technical security controls across our infrastructure and application environments, ensuring alignment with Ripple’s internal controls and regulatory guidelines (e.g., EBA, ESMA, CSSF).
  5. Collaborate with global InfoSec teams to develop, maintain, and localize InfoSec Policies, Standards, and Procedures relevant to EU compliance.

Skills

Required

  • 5+ years of experience in Information Security infrastructure, preferably within a highly regulated industry.
  • Demonstrable experience working within the Luxembourg financial or technology sector, with a strong understanding of the local business and regulatory landscape.
  • Solid working knowledge of DORA operational requirements, including resilience testing, ICT third-party management, and incident response.
  • Familiarity with EU regulatory frameworks, including MiCA and related EBA and ESMA technical standards.
  • Proficiency with common information technology and security frameworks, such as ISO 27001, SOC2, and NIST.
  • Comfortable accessing systems directly to gather and analyse technical evidence, including logs, configuration data, and database queries, within a cloud-native environment.
  • Ability to create clear, audience-tailored technical documentation and SOPs.
  • Experience collaborating effectively with cross-functional teams of engineers, product managers, and compliance experts.
  • Professional proficiency in English is required.

Nice to have

  • Familiarity with tools such as Jira, Confluence, JupiterOne, Okta, AWS, Tines, and integrated GRC platforms is an advantage.
  • Desirable certifications include CISSP, CISA, AWS Certified Security, and PMP.
  • Professional proficiency in French is desirable

What the JD emphasized

  • operational implementation and maintenance of EU / Luxembourg security frameworks
  • Digital Operational Resilience Act (DORA)
  • operational oversight of outsourced ICT and security services
  • regional compliance
  • technical security controls
  • regulatory guidelines
  • InfoSec Policies, Standards, and Procedures
  • operational monitoring, incident response, and compliance efforts
  • operational domain expert
  • customer audits, and regulatory exams
  • operational security guidance
  • security due diligence questionnaires
  • evolving regulations, threats, and best practices
  • highly regulated industry
  • Luxembourg financial or technology sector
  • local business and regulatory landscape
  • DORA operational requirements
  • ICT third-party management
  • incident response
  • EU regulatory frameworks
  • MiCA
  • EBA and ESMA technical standards
  • ISO 27001
  • SOC2
  • NIST
  • cloud-native environment