Fireblocks

Cybersecurity GRC Engineer

Tel Aviv-Yafo, Tel Aviv District, Israel Full Time

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways to leverage the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and are trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

About the Role

We’re looking for a highly skilled Cybersecurity Governance, Risk, and Compliance Engineer with strong technical and hands-on cybersecurity expertise. This role bridges the gap between compliance and technology — ensuring that Fireblocks’ GRC frameworks are not just compliant on paper but effective in practice across infrastructure, SaaS, and cloud environments.

As the Cybersecurity GRC Engineer you will oversee the technical execution of GRC initiatives, collaborating with cross-functional teams (Security Engineering, IT, DevOps, Product) to drive resilience, risk reduction, and audit readiness across the organization.

Reporting line: GRC Director

What you will do

  • Collaborate with R&D and DevOps teams to integrate security into development and deployment processes.
  • Perform technical risk assessments, vulnerability trend analysis, and threat modeling to ensure risk registers reflect the true security posture.
  • Lead security awareness and social-engineering simulations, correlating campaign results with real technical findings (phishing, MFA bypass, insider threat trends).
  • Initiate and coordinate offensive security activities including penetration testing, red teaming, and vulnerability assessments to proactively identify and mitigate risks.
  • Support incident response readiness by integrating lessons learned into policy, control design, and awareness materials.
  • Leverage AI to automate GRC reporting, surface risk insights, and maintain intelligent dashboards integrated with platforms like ServiceNow, Jira, and internal data sources.
  • Partner with Security Engineering and IT teams to ensure consistent endpoint hardening, patch management, and configuration compliance.
  • Coordinate DR exercises and tabletop simulations, track findings, and oversee remediation to strengthen resilience.
  • Prepare for and support internal and external audits, including SOC 2, ISO 27001, NYDFS, and customer due-diligence requests.

Qualifications:

  • 3+ years of experience in GRC, IT Risk, or Security Operations, with at least 2 years hands-on in technical environments (e.g., system administration, cloud security, endpoint management, vulnerability management).
  • Strong working knowledge of cloud security (AWS, GCP, or Azure) and endpoint management (Jamf, Intune, CrowdStrike).
  • Proven ability to automate or optimize GRC workflows using tools, APIs, and AI.
  • Practical experience designing or testing Disaster Recovery and Business Continuity programs.
  • Strong analytical and problem-solving skills; able to translate complex technical risks into actionable business terms.
  • Visionary and innovation-driven, capable of implementing security and compliance programs in complex, fast-paced organizations.
  • Exceptional communication, collaboration, and interpersonal skills, with the ability to engage both technical and non-technical audiences.
  • Strong analytical, problem-solving skills and attention to detail, with the ability to manage multiple projects simultaneously and meet tight deadlines.

Preferred Qualifications:

  • Certifications such as CISA, CISM, CISSP, or Security+.
  • Background in the financial / digital assets sector or regulated environments.
  • Strong technological understanding and familiarity with product development practices.

 

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

Please see our candidate privacy policy here.