Director, Security GRC

Summary

Join Gemini, a global crypto and Web3 platform, as their Director, Security GRC. This leadership role oversees the development and implementation of comprehensive security governance, risk management, audit, and compliance programs. You will develop the GRC strategy, collaborate with various departments to ensure security policy adherence, and identify/mitigate security risks. The position requires extensive experience in security governance, risk management, and compliance, along with strong leadership and communication skills. A competitive salary, bonus, equity grant, and comprehensive benefits are offered.

Requirements

• Bachelor's degree in Information Security, Computer Science, or a related field
• Advanced degree (e.g., Master's, MBA) or equivalent industry experience
• 12+ years of experience in security governance, risk management, and compliance roles, with a focus on information security in a technical environment
• Deep understanding of security frameworks, regulations, and standards (e.g., NIST Cybersecurity Framework, GDPR, HIPAA, ISO 27001)
• Strong leadership and communication skills, with the ability to effectively engage and influence stakeholders at all levels of the organization
• Excellent analytical and problem-solving abilities, with a focus on practical solutions to complex security challenges
• Ability to adapt to a fast-paced, dynamic environment and manage multiple priorities effectively

Responsibilities

• Develop, implement, and maintain security governance frameworks, policies, standards, and procedures
• Establish and chair security governance committees to review, approve, and oversee security initiatives and strategies
• Ensure alignment of security governance with organizational objectives and industry best practices
• Conduct risk assessments to identify, evaluate, and prioritize security risks across the organization
• Develop risk mitigation strategies and plans to address identified risks effectively
• Monitor and report on the effectiveness of risk mitigation efforts, adjusting strategies as necessary
• Develop and execute a comprehensive security engineering strategy aligned with Gemini’s business objectives
• Lead and mentor the Security Engineering team, fostering a culture of security excellence and continuous improvement
• Build/buy security technologies, tools, and evaluate vendors to enhance our security posture
• Collaborate with Engineering, Legal, Risk and Product management teams to ensure alignment
• Stay abreast of relevant laws, regulations, and industry standards related to information security
• Develop and maintain compliance programs to ensure adherence to applicable regulations and standards (e.g., GDPR, HIPAA, ISO 27001)
• Coordinate with legal and regulatory affairs teams to address compliance requirements and regulatory inquiries
• Develop, review, and update security policies, procedures, and guidelines in accordance with changing organizational needs and regulatory requirements
• Communicate security policies and procedures to relevant stakeholders, ensuring understanding and compliance
• Establish and maintain processes for evaluating and managing security risks associated with third-party vendors and partners
• Conduct vendor security assessments and due diligence reviews to ensure compliance with security requirements
• Develop a roadmap and plan for all applicable audits
• Work with other key stakeholders across the company, including engineering, internal Audit, Risk Management, compliance and legal teams as well as other security teams to ensure audit readiness
• Interface with external auditors, regulators and standards organizations as necessary to drive changes that are beneficial to the company and the industry
• Develop and deliver security awareness and training programs to educate employees on security risks and best practices
• Monitor and measure the effectiveness of security awareness initiatives, adjusting strategies as needed

Preferred Qualifications

Relevant professional certifications such as CISSP, CISM, CRISC, or equivalent

Benefits

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off