Remote Senior Associate
at Gemini

Summary

Join Gemini as a Senior Associate, Security GRC and contribute to the company's mission of unlocking financial, creative, and personal freedom. As a key member of the GRC team, you will work alongside other internal teams to ensure policies, procedures, and guidelines align with regulatory requirements and security frameworks.

Requirements

• BA/BS degree or equivalent practical experience
• 5-10 years of experience in the field
• Experience in the cyber security field developing and/or updating cyber security related documentation, policies, procedures and standards
• Strong analytical and creative problem solving skills
• Strong interpersonal skills to interact with customers, senior level personnel, auditors, and team members
• Strong organization skills to prioritize work and balance complex projects
• Ability to work independently and as part of a broader team

Responsibilities

• Lead Gemini’s effort of rigorous access and entitlement reviews to close identified security gaps
• Conduct consistent partnership and vendor reviews to ensure compliance with security standards
• Review authorized application reviews to ensure compliance with regulatory and reporting requirements
• Support Gemini’s response to Regulators, Auditors, Client inquiries, and Due Diligence Questionnaires
• Support Gemini’s efforts to maintain SOC 2 Type 2, ISO27001, PCI DSS, and other security certifications
• Support Gemini security compliance to NYSDFS Reg. 500, CBI, UK FCA and other regulators
• Support Gemini in automating the evidence collection process for audits
• Support Gemini compliance with NYSDFS Regulation 500
• Automate the enforcement of security requirements to policies, procedures, and guidelines
• Develop tooling to track the organization Cybersecurity Risk and Compliance status
• Develop and implement strategies to audit internal security/cybersecurity controls
• Contribute ideas and suggestions to the team and leadership for additional policies, procedures, and guidelines
• Understand, automate, and regulate internal Identity, Access, and Entitlements Management

Preferred Qualifications

• Former/Current ISO lead auditor certification
• Formerly/Currently a PCI Qualified Security Assessor (QSA)
• Experience automating evidence and artifact collection for regulatory bodies

Benefits

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off