JoBuzzerJoBuzzer
Fireblocks logo

Compliance Owner

Fireblocks
Tel Aviv District·Tel Aviv Yafo·Israel·Full Time·Onsite·Legal & Compliance·Senior
Search on LinkedIn ↗

Summary

Fireblocks is seeking a SOC 1 Compliance Owner for their Tel Aviv office. This senior, hands-on role is responsible for end-to-end ownership of the SOC 1 Type II program, including evidence collection, control design, auditor relations, and customer-facing interactions. The ideal candidate will have 3-5 years of experience in IT compliance or audit, strong technical skills in AWS, GitHub, and monitoring tools, and excellent communication skills to collaborate across different teams and represent the company to customers. The role requires a practical, evidence-based approach to compliance embedded within business operations.

Required Skills

GitHubSOC 1IT AuditIT ComplianceAWS

Details

Experience Required
3+ years
Posted
Jun 28, 2026

Description

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks’ platform and network provide the simplest and most secure way for companies to work with digital assets and it trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more. 

SOC 1 Compliance Owner

The world of digital assets is accelerating in speed, magnitude, and complexity, opening the door to new ways for leveraging the blockchain. Fireblocks' platform and network provide the simplest and most secure way for companies to work with digital assets, and it's trusted by some of the largest financial institutions, banks, globally-recognized brands, and Web3 companies in the world, including BNY Mellon, BNP Paribas, ANZ Bank, Revolut, and thousands more.

Making Compliance Real-As our SOC 1 Compliance Owner, you'll own the SOC 1 Type II program end-to-end across TRES and our corporate environment. This is a senior, fully hands-on role: you don't just design the control framework, you run it — collecting the evidence, defining the requirements, sitting on the calls with auditors and customers, and closing the gaps yourself.

Your first priority is leading the transition to our new external auditor without dropping a single control in the process. From there, you keep the program audit-ready year-round rather than scrambling at cycle time.

If you believe compliance should be practical, evidence-backed, and embedded in how the business actually operates — not a binder that gets opened once a year — we want you on the team.

 What the Role Looks Like

You will be the single owner of the SOC 1 control environment, accountable for the program from evidence through report issuance:

  • Own the evidence: Personally collect, label, and file control evidence and screenshots. Maintain an audit-ready repository that stays current all year, not just at cycle time.
  • Define the requirements: Translate each control objective into testable specifications for Engineering, Infrastructure, Security, HR, and Finance. Identify gaps and drive them closed.
  • Run the auditor relationship: Act as the primary contact for our external auditors. Manage the auditor transition, scoping, walkthroughs, PBC and sample requests, evidence delivery, and resolution of deviations.
  • Represent us to customers: Lead customer-facing calls on the SOC 1 control environment, answer control questions directly, and confirm complementary user-entity controls (IP allowlisting, MFA, access approvals, authorized-user lists).
  • Execute the recurring controls: Run the operating cadence — weekly reconciliation minutes; quarterly access reviews; and the annual cycle covering penetration testing, cloud (AWS) SOC report review, board minutes, performance evaluations, and security training, including 30-day new-hire training.
  • Manage the access lifecycle: Oversee access-request approvals, terminations and offboarding, and privileged-access lists.
  • Hold the line on operational controls: Cover monitoring, vulnerability scanning (no open critical or high findings), backup and BCP/DR, and incident records.

What You'll Bring

Technical Must-Haves:

  • 3-5 years in IT compliance, IT audit, or GRC, including at least one full SOC 1 Type II cycle owned hands-on, from evidence collection through report issuance.
  • Finance reconciliation expertise: A strong grasp of transaction and balance reconciliation, controls over completeness and accuracy, and discrepancy resolution. Crypto or digital-asset reconciliation experience is a strong plus.
  • Hands-on tooling fluency: Comfortable working directly in AWS (IAM/SSO), GitHub, ticketing systems, monitoring, vulnerability scanners, and compliance tooling.
  • Documentation discipline: You produce clear, structured, audit-grade documentation as a matter of habit.

Professional & Interpersonal Excellence:

  • Cross-functional credibility: You're equally credible with engineers, finance teams, and external auditors, and you can move between those audiences without losing precision.
  • Customer-facing composure: You can represent a control environment to customers and stand behind it under scrutiny.
  • Ownership mindset: You treat the program as yours. You chase down evidence, follow up on gaps, and keep the repository ready without being asked.
  • Bias toward the practical: You balance control rigor with the realities of a fast-moving, global financial infrastructure business.

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms.

Please see our candidate privacy policy here.

Fireblocks' mission is to enable every business to easily and securely access digital assets and cryptocurrencies. In order to do that, we strongly believe our workforce should be as diverse as our clients, and this is why we embrace diversity and inclusion in all its forms. 

Please see our candidate privacy policy here.