Information Security GRC Specialist - Remote
About the Role
We are seeking an Information Security GRC Specialist to join our dynamic team at Bitso. This remote position is essential for ensuring our information security governance, risk, and compliance processes are robust and effective. As an integral part of the Information Security Governance, Risk, and Compliance team, you will play a crucial role in implementing and maintaining security policies, technical standards, and procedures. You will also oversee security risk management and compliance with applicable security standards and regulations.
What You'll Do
- Maintain and continuously improve the Information Security GRC Program.
- Act as a key liaison with regulatory authorities on information security-related topics.
- Support the adoption and consistent implementation of security policies, standards, and procedures across all lines of business.
- Conduct regular information security and maturity assessments of Bitso’s information security controls, and follow up on treatment plans across the organization.
- Collaborate on internal and external security audits and proactive technical assessments, and track findings and recommendations for appropriate action.
- Shift from manual compliance assessments to an automated, continuous, and integrated practice, embedding compliance directly into the technical stack.
Requirements
- Proven English proficiency and a minimum of 5 years of experience in Information Security GRC roles.
- At least 3 years of experience leading or coordinating internal compliance assessments, internal audits, or acting as a strategic consultant.
- Expert knowledge of information security frameworks and best practices (e.g., ISO/IEC 27000 series, COBIT, NIST SP 800-xx, NIST CSF, and CIS).
- Working knowledge of scripting and data analysis to extract relevant information from logs.
- Proficiency in IT audit, compliance, and maturity assessments.
- Certification such as Certified Information Systems Auditor (CISA) or equivalent credentials.
Nice to Have
- Minimum 2 years of strategic consulting experience, particularly within financial institutions.
- Additional certifications such as Certified ISO 27k Lead Auditor, CISSP, or PMP.
- Familiarity with international regulations such as GDPR.
What We Offer
- Unlimited paid time off through our Me Time program.
- Remote-first work environment.
- Employee Stock Option program.
- Premium health, dental, and life insurance in multiple countries.
- Monthly stipend for gym memberships, relaxation activities, and more.
Join us at Bitso, where you will be at the forefront of crypto innovation, creating the next generation of crypto-powered products. If you are passionate about information security and want to make a difference in the crypto space, we encourage you to apply for this Information Security GRC Specialist - Remote position.
This role offers a unique opportunity to work remotely as an Information Security GRC Specialist at Bitso, a leading cryptocurrency platform. Enjoy competitive compensation and a culture that values diversity and innovation.