Remote Security Grc Engineer

Summary

Join Gemini, a global crypto and Web3 platform, as their Security GRC Lead! This role blends strategic and operational responsibilities, focusing on developing and implementing a comprehensive security governance strategy. You will collaborate with cross-functional teams, manage multiple projects, and mentor junior colleagues. The ideal candidate possesses extensive experience in security governance, strong knowledge of relevant frameworks (e.g., COBIT, NIST), and proven leadership skills. This position offers a competitive salary, bonus, equity grant, and comprehensive benefits. Gemini offers a flexible hybrid work policy for employees within 30 miles of their NYC or Seattle offices, with remote-first options for others.

Requirements

• Bachelor’s degree in a technical domain, or equivalent experience
• 10+ years of experience in the Security GRC domain, with an emphasis on security governance and strategy development
• Demonstrated experience developing and implementing governance strategies and programs, including metrics and reporting mechanisms
• Strong knowledge of governance frameworks and methodologies (e.g., COBIT, NIST)
• Proven ability to develop, implement, and maintain governance documentation, including policies, procedures, and standards
• Experience leading cross-functional teams in the GRC domain
• Strong experience in managing operational governance programs and projects such as access reviews and security training
• Familiarity with regulatory requirements and certifications, such as SOC 2 Type 2, ISO27001, PCI DSS, GDPR, CCPA and NYSDFS Reg. 500
• Strong analytical and creative problem-solving skills, with the ability to manage complex projects
• Exceptional organizational skills and the ability to prioritize effectively in a fast-paced environment
• Excellent interpersonal and communication skills, with experience collaborating with senior leaders, auditors, and diverse teams

Responsibilities

• Develop and implement a comprehensive governance strategy, applying industry-leading practices and methodologies to achieve organizational goals
• Establish and maintain security governance frameworks, policies, and procedures to ensure data security, privacy, and compliance with applicable laws and standards
• Collaborate with data analytics and business teams to define and document data requirements, standards, and processes
• Drive automation projects in the security governance domain to streamline processes and improve efficiency
• Develop and maintain dashboards and metrics to measure governance performance, data security, and compliance, providing regular updates to senior leadership
• Establish and track key performance indicators (KPIs) to assess the effectiveness of governance programs and initiatives
• Develop, implement, and enforce data governance policies, standards, and procedures to manage risks and support business objectives
• Lead the periodic entitlement review program to ensure effective access management and oversight
• Design and deliver annual security awareness training to enhance the organization’s governance culture and compliance posture
• Stay informed on evolving governance and privacy regulations, providing guidance to ensure ongoing compliance
• Support efforts to maintain SOC 2 Type 2, ISO27001, PCI DSS, and other relevant security certifications
• Ensure compliance with regulatory requirements, including NYSDFS Reg. 500, CBI, and UK FCA, by implementing and overseeing governance frameworks
• Serve as a key advisor to security teams and leadership on governance-related risks, controls, and remediation strategies
• Collaborate with cross-functional teams and data owners to enforce governance roles, responsibilities, and accountability

Preferred Qualifications

• Governance experience in highly regulated industries such as finance, healthcare, or technology
• Hands-on experience with security and governance tools, automation platforms, and analytics dashboards
• Familiarity with cloud governance principles for AWS, Azure, or Google Cloud
• Experience leveraging GRC tooling to support information security governance, risk and compliance activities

Benefits

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off