Security Risk Management & Supplier Assurance

Founded in 2014, Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications. Headquartered in Paris, London, Singapore, Vierzon and New York, Ledger has a team of 300+ professionals developing a variety of products and services to safeguard cryptocurrency assets for individuals and companies – including the Ledger hardware wallets line already sold in 165 countries.
Working with internal stakeholders, external consultants and Ledger suppliers to ensure that all suppliers are assessed or on-boarded with appropriate due diligence or security maturity identification. Assist with supporting activities including PMO functions and remediation.
This role is for a well-rounded and experienced Risk Management professional covering supplier assurance and third-party risk assessment, as well as responding to requests from customers for review of Ledger's own risk management practices and procedures. The role will focus not only on data risk management, but also on broader associated risk topics. The role will focus on providing a clear line of sight between effective due diligence of a supplier and financial loss or reputational damage.
Reporting to the VP Security Governance, Risk and Compliance and working closely with Legal, Procurement, Data Protection and Business Continuity functions, this role will help expand existing risk management frameworks and practices.

Key Responsibilities

    • Working individually or as part of a project team to provide supplier data security advice and guidance
    • Provide subject matter expertise on all new supplier on-boarding activities including due diligence testing and security schedule contract negotiation
    • Perform on-site Third-Party Security Assessments (TPSAs) of all critical suppliers that transmit, process or store Ledger data
    • Work with existing and new suppliers to confirm exit strategy, data retention and data return measures
    • Assist with back-office functions and activities including TPSA scheduling, PMO, Reporting and remediation tracking
    • Assist in a continuous improvement regime
    • To work collaboratively with teams from other disciplines within Ledger and with the supplier(s)
    • Manage concurrent complex activities to short timescales
    • Ability to work under pressure to deliver good quality assessment reports
    • Timeliness of responding to supplier queries
    • Delivery of new supplier on-boarding completion
    • Delivery of on-site Third-Party Security Assessment (TPSA) reports
    • Delivery of key MI to support the reporting function across markets
    • Be prepared to travel for assessments (includes international) – between 30-40%.

Qualifications

    • A recognised security certification such as CISSP, CISA or CISM is desirable but not essential

Skills/Knowledge/Experience

    • In-depth experience in an information security related role
    • Good knowledge of all domains within security e.g. BCM, Physical, GDPR / Data Protection, Cloud, Security Management
    • Ability to explain technically complex concepts to non-technical stakeholders and suppliers
    • Experience of conducting high level assessments and deep dive multi-day assessments or audits
    • Ability to produce high quality audit or assessment reports
    • Experience of conducting contractual mark-up and negotiation with suppliers
    • Ability to provide PMO and reporting activity in support of a broader function
    • Good communication and influencing and negotiation skills
    • Experience in a similar role for a complex global organisation (insurance or financial services sector preferred but not essential)
    • Previous experience with Archer or other similar tools advantageous but not essential

Benefits

    • Competitive compensation package and ESOP according to the Company policy
    • Flexible working hours, remote-friendly environment
    • Strong focus on personal development including internal/external trainings and attendance at conferences
    • Internal talks, technical meetups and hackathons
    • High performance office equipment
    • Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
    • Meal Vouchers with Swile (ex Lunchr)
    • Annual company outing for Ledgerdary Days plus infrequent parties, snacks and drinks
    • Employee discount on Ledger products

Ledger guarantees equity for all during the recruitment process, without any distinction of gender, ethnicity, religion, sexual orientation, social status, disability or age.