EU, GRC Expert

About the Role

We are looking for a passionate and experienced EU Governance, Risk, and Compliance (GRC) expert to contribute to our company’s efforts in aligning with the Digital Operational Resilience Act (DORA) and Markets in Crypto-Assets Regulation (MiCA) in the European Union. This role is critical in driving our security and compliance programs, ensuring they not only meet regulatory standards but also enhance trust and confidence among our customers and stakeholders.

As the EU GRC Expert, you will oversee the implementation of security frameworks and practices that align with DORA and MiCA and collaborate with cross-functional teams to embed regulatory compliance into our operations.

Reporting line: EU GRC Manager

What you will do

• Conduct gap analyses and risk assessments to identify areas of improvement in security, operational resilience, and compliance processes.
• Act as an internal audit for EU regulation and ensure Fireblocks alignment to DORA/MiCA regulation.
• Manage policies, procedures, and controls to align with EU regulatory requirements.
• Support EU customers with security matters including audits, due diligence queries, security questionnaires, etc., while demonstrating our commitment to regulatory adherence and security excellence.
• Collaborate with internal teams to ensure compliance initiatives are seamlessly integrated into business processes.
• Ensure timely identification, assessment, and remediation of risks to maintain continuous alignment with regulatory requirements.
• Stay up to date with the evolving EU regulatory landscape, constantly research and explore various approaches and solutions in the market, and provide proactive insights to the business.
• Educate and train internal teams on DORA, MiCA and other related regulations and compliance standards to foster a culture of awareness and accountability.

 Qualifications:

• Minimum of 5+ years of experience in cybersecurity or GRC, with at least 3 years experience in EU regulations.
• Proven experience in understanding and navigating security and GRC programs, working with various legal, compliance, GRC and security teams both externally with customers and internally.
• In-depth knowledge of EU regulatory frameworks such as DORA, MiCA, GDPR, MaRisk, TIBER-EU etc.
• Strong understanding of industry best practices, frameworks, standards and certifications such as SOC 2, ISO, NIST, CIS etc.
• Visionary and innovation-driven, capable of implementing security and compliance programs in complex, fast-paced organizations.
• Exceptional communication, collaboration, and interpersonal skills, with the ability to engage both technical and non-technical audiences.
• Strong analytical and problem-solving skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.

Preferred Qualifications:

• Background in the financial/digital assets sector.
• Good technological understanding and familiarity with product development practices.
• CISM, CRISC, CISSP or other cyber security management or risk management certifications.