Controls & GRC Specialist - Fireblocks
- Company: Fireblocks
- Location: Tel Aviv-Yafo, Tel Aviv District, Israel
Job description
Run the auditor relationship: Act as the primary contact for our external auditors. Manage the auditor transition, scoping, walkthroughs, PBC and sample requests, evidence delivery, and resolution of deviations.
Responsibilities
Own the evidence: Personally collect, label, and file control evidence and screenshots. Maintain an audit-ready repository that stays current all year, not just at cycle time.
Define the requirements: Translate each control objective into testable specifications for Engineering, Infrastructure, Security, HR, and Finance. Identify gaps and drive them closed.
Represent us to customers: Lead customer-facing calls on the SOC 1 control environment, answer control questions directly, and confirm complementary user-entity controls (IP allowlisting, MFA, access approvals, authorized-user lists).
Execute the recurring controls: Run the operating cadence - weekly reconciliation minutes; quarterly access reviews; and the annual cycle covering penetration testing, cloud (AWS) SOC report review, board minutes, performance evaluations, and security training, including 30-day new-hire training.
Manage the access lifecycle: Oversee access-request approvals, terminations and offboarding, and privileged-access lists.
Hold the line on operational controls: Cover monitoring, vulnerability scanning (no open critical or high findings), backup and BCP/DR, and incident records.
3-5 years in IT compliance, IT audit, or GRC, including at least one full SOC 1 Type II cycle owned hands-on, from evidence collection through report issuance.
Finance reconciliation expertise: A strong grasp of transaction and balance reconciliation, controls over completeness and accuracy, and discrepancy resolution. Crypto or digital-asset reconciliation experience is a strong plus.
Hands-on tooling fluency: Comfortable working directly in AWS (IAM/SSO), GitHub, ticketing systems, monitoring, vulnerability scanners, and compliance tooling.
Documentation discipline: You produce clear, structured, audit-grade documentation as a matter of habit.
Cross-functional credibility: You're equally credible with engineers, finance teams, and external auditors, and you can move between those audiences without losing precision.
Customer-facing composure: You can represent a control environment to customers and stand behind it under scrutiny.
Ownership mindset: You treat the program as yours. You chase down evidence, follow up on gaps, and keep the repository ready without being asked.
Bias toward the practical: You balance control rigor with the realities of a fast-moving, global financial infrastructure business.
Requirements