Senior Associate, Security GRC

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.

The Department: Security Governance, Risk & Compliance

The Role: Senior Associate, Security GRC

Gemini has an exciting opportunity for a Security GRC Senior Associate in the Compliance domain.  This role will have a mix of strategic and operational responsibilities working with cross functional stakeholders to manage compliance audits, mature processes and procedures, provide guidance on regulatory and compliance topics, and maintain the organization’s information security compliance. This includes working with internal and external auditors to manage audit activities and a successful candidate will have deep understanding for information security controls, a strong record of building and maintaining relationships and experience in managing compliance risks and issues, validating evidence and managing compliance projects.

Responsibilities:

•  Plan, coordinate and manage information security compliance audits such as ISO 27001, SOC 2 and PCI DSS.
•  Plan, coordinate and manage the security aspect of regulatory exams such as for NYSDFS Reg. 500, CBI, UK FCA and other regulators.
•  Support Gemini in automating the evidence collection process for audits.
•  Mature our security compliance testing program to support continuous controls monitoring in order to maintain an effective environment. 
• Design information security compliance controls to address current and emerging requirements.
• Advise cross-functional teams to ensure software, infrastructure and process changes are implemented in compliance with information security requirements.
• Support customer due diligence projects. 
• Identify and assess security risks in the compliance domain. 
• Partner with stakeholders to develop remediation plans for identified control gaps and monitor plans towards completion.

Minimum Qualifications:

• BA/BS degree in a technical field or equivalent practical experience.
• 5+ years of experience in the Information Security Governance, Risk and Compliance field or as a Technical Program/Project manager.
• Extensive expertise in planning, managing, and completing Information Security compliance audits.
• Experience with key information security frameworks, including ISO 27001/2, ISO 27018, ISO 22301, PCI DSS, SOC 2, and the NIST Cybersecurity Framework.
• Knowledge of regulations like NYSDFS Reg. 500, CBI, UK FCA, and similar regulatory bodies.
• Skilled in advising on both current and emerging information security regulatory and compliance standards.
• Experience in security compliance testing and ongoing control monitoring.
• Exceptional analytical and creative problem-solving abilities.
• Strong interpersonal skills for effective collaboration with customers, senior level personnel, auditors, and team members.
• Strong organization skills to prioritize work and balance complex projects.
• Ability to work independently and as part of a broader team.

Preferred Qualifications:

• Former/Current ISO lead auditor certification.
• Formerly/Currently a PCI Qualified Security Assessor (QSA).
• Experience automating evidence and artifact collection for regulatory bodies.
• Experience leveraging GRC tooling to support information security governance, risk and compliance activities.

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $95,000 - $119,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1