Information Technology Governance, Risk & Compliance Specialist (Fintech / Cryptocurrency)

April 19, 2022

Job Description

An American-Based Company - Black Pen Recruitment

Black Pen Recruitment – Our client is an American-based company that is expanding globally as one of the first movers to bring cryptocurrency to Africa and the Middle East at large. Their mission is to make cryptocurrency/blockchain and other FinTech services more accessible and affordable than ever before. Our client strives to form a committed team of forward-thinkers who collectively create a supportive, welcoming and highly innovative environment for all.
They are recruiting to fill the position below:
Job Title: Information Technology Governance, Risk & Compliance Specialist (Fintech / Cryptocurrency)
Location: Remote
Employment Type: Full-time
Job Description

Work is typically performed under minimal to no supervision, with only guidance about overall goals and objectives.
Must be able to prioritize work based on evaluation of short-term and long-term goals of the department and team.
Able to independently evaluate processes, identify areas of improvement, and incorporate into overall work objectives.


Coordinate the development of best practice policies and standards based on various governance frameworks. 
Ensure all IT controls are documented and assigned control owners to establish accountability. 
Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives. 
Assist the IT Governance, Risk & Compliance function in maturing the Information Security and Technology Risk Management methodology through improvements in standardized risk assessments 
Update and maintain a robust technology risk and control framework and ensure proper alignment to relevant industry frameworks (e.g., COBIT, SOC, ISO, NIST, etc.). 
Monitoring IT controls across the organization. 
Collaborate effectively to adapt the process, risk and control framework, map organizational controls, and establish accountability and ownership for IT risk management and control activities. 
Assist in the validation of IT control alignment to various industry standards, frameworks, and requirements (e.g., COBIT, SOC, ISO, NIST, etc.). 
Assist in Information Security and Technology Risk Management governance activities including coordinating monthly risk committee meetings with management from IT, Risk and Business Units. 
Support IT GRC capabilities such as enterprise security risk management compliance 
Policy creation, updates, and overall management and organization of shared documentation 
Control Self Assessments and Control Gap Analysis 
Third party risk management and reporting 
Maintaining a Risk Register 
Documenting and evaluating policy exception requests 
Responsible for developing and deriving KPIs from a controls baseline 
Overall analytics of the GRC program and creation and distribution of reporting metrics / dashboarding where appropriate 
Maintenance of the global scope of IT assets, controls, control owners, risks, etc. that make up the IT GRC program. 
Remediation and risk mitigation planning, implementation, and oversight.
Creation, documentation and maintenance of governance processes to oversee IT GRC programs 
GRC policy enforcement across the enterprise. 
Education of Governance principles, policies, and standards enterprise-wide. 
Manage, monitor, and ensure timely updates to planned remediation efforts 
Interact with the AppSec team to assist in scheduling and testing of third-party pen tests. 
Client Security Reviews and inquiries.


Bachelor’s Degree in a discipline related to functional work or role 
7+ years of experience in IT Governance or Security Governance working in either a Software Development, FinTech or financial institution. 
Experience working in an IT Governance, Risk and Compliance role 
Working knowledge of: SOC 2, ISO 27001, NIST CSF 
Experience in leading ISO 27001 and SOC 2 audits
Experience managing Vendor / 3rd party Risk assessments
Knowledge of applicable US laws and regulations as they relate to Information Security and the effective management of Information Security Risks. 
Strong risk assessment framework knowledge and experience performing risk assessments covering key risks and controls. 
Experience with SOC 2 audits and ISO 27001 Certification 
Very strong communication (verbal and written) skills and the ability to present with clarity
Some experience with project management (for example: planning, organizing, and managing resources to bring about the effective completion of specific project goals and objectives) is helpful. 
Industry recognized certifications such as CISSP, CISM, CRISC, CISA, or equivalent.

Application Closing Date
Not Specified.
Method of Application
Interested and qualified candidates should:
Click here to apply online
