Cybersecurity GRC Analyst


Bitcoin Depot

πŸ“Remote - United States

Summary

Join Bitcoin Depot, the world's largest Bitcoin ATM network, as a Cybersecurity GRC Analyst. In this role, you will be instrumental in ensuring regulatory compliance, improving risk management, and enhancing security controls. You will coordinate and manage internal and external security audits, collaborate with various teams, and develop and implement GRC policies and procedures. Responsibilities include performing risk assessments, mitigating risks, and educating employees on security best practices. The ideal candidate will have 3-5 years of experience in the financial services industry and strong knowledge of relevant regulations and frameworks. Bitcoin Depot offers a competitive benefits package, including 401k matching, health benefits, paid time off, and a remote-first environment.

Requirements

3-5 years of experience in the financial services industry

Responsibilities

  • Support the management of Information Security governance and ensure adherence to Cybersecurity policies and standards
  • Be familiar with compliance requirements under financial regulations (SOX, SEC, CCPA/CPRA, GDPR, Australia Privacy Act)
  • Work closely with the IT Operations and Compliance team to identify, address, and resolve key Cybersecurity risks and issues promptly
  • Assist in developing, implementing, and maintaining GRC policies, procedures and framework based on NIST 800-53
  • Manage training and security awareness programs
  • Conduct and manage periodic security testing activities (e.g. penetration testing, DR exercises), including training of DR participants on roles and duties
  • Conduct and manage internal and external audits and certification and security questionnaire responses
  • Assist in generating relevant internal and external security metrics and reports for the CISO and the Cybersecurity and Audit Committee
  • Stay updated on regulatory changes and advise on potential impacts
  • Perform risk assessments and identify gaps in financial and information security controls
  • Develop and monitor risk mitigation plans in collaboration with key stakeholders
  • Support third-party risk management (TPRM) process, ensuring vendor compliance with security standards
  • Work with internal teams to assess and improve business continuity and incident response plans
  • Prepare reports and dashboards for risk posture, compliance status, audit findings
  • Educate employees on GRC policies, security best practices, and regulatory requirements
  • Serve as liaison between internal teams, external auditors, and regulatory bodies

Preferred Qualifications

  • 3-5 years of GRC, risk management, compliance, and/or IT audit experience, preferably in banking, fintech, or financial services
  • Strong knowledge of financial regulations such as SOX, SEC, CCPA/CPRA, GDPR, and Australia Privacy Act
  • Familiarity with risk management frameworks (NIST, ISO 27001)
  • Strong analytical, problem-solving, and communication skills
  • Relevant certifications - CISA, CRISC, CISM, CISSP
  • Excellent interpersonal skills, comfortable working at all organizational levels and in various situations
  • An ability to translate security requirements and standards into easily understood business concepts and vice versa
  • Relevant experience with certification/audit (e.g., GDPR, SOC Type I, Type II) is desirable
  • Experience working with third-party vendors and reviewing and conducting annual VAQs
  • Experience working with cloud solutions (AWS, Azure, and GCP)

Benefits

  • 401K Matching
  • Health benefits
  • Paid wellness membership
  • Equity
  • Paid time off & holidays
  • Annual in-person team building events
  • Virtual team building events
  • Remote first environment
