Senior Associate, Security GRC

Gemini
Summary
Join Gemini, a global crypto and Web3 platform, as a Security GRC Senior Associate! This exciting role blends strategic and operational responsibilities, focusing on managing compliance audits (ISO 27001, SOC 2, PCI DSS, etc.), regulatory exams (NYSDFS Reg. 500, CBI, UK FCA), and security compliance testing. You will collaborate with cross-functional teams, advise on information security requirements, and support customer due diligence projects. The ideal candidate possesses extensive experience in information security compliance, strong analytical and problem-solving skills, and excellent communication abilities. This position offers a competitive salary and benefits package, including a discretionary annual bonus, equity grant, comprehensive health plans, 401k matching, paid parental leave, and flexible time off.
Requirements
- BA/BS degree in a technical field or equivalent practical experience
- 5+ years of experience in the Information Security Governance, Risk and Compliance field or as a Technical Program/Project manager
- Extensive expertise in planning, managing, and completing Information Security compliance audits
- Experience with key information security frameworks, including ISO 27001/2, ISO 27018, ISO 22301, PCI DSS, SOC 2, and the NIST Cybersecurity Framework
- Knowledge of regulations like NYSDFS Reg. 500, CBI, UK FCA, and similar regulatory bodies
- Skilled in advising on both current and emerging information security regulatory and compliance standards
- Experience in security compliance testing and ongoing control monitoring
- Exceptional analytical and creative problem-solving abilities
- Strong interpersonal skills for effective collaboration with customers, senior level personnel, auditors, and team members
- Strong organization skills to prioritize work and balance complex projects
- Ability to work independently and as part of a broader team
Responsibilities
- Plan, coordinate and manage information security compliance audits such as ISO 27001, SOC 2 and PCI DSS
- Plan, coordinate and manage the security aspect of regulatory exams such as for NYSDFS Reg. 500, CBI, UK FCA and other regulators
- Support Gemini in automating the evidence collection process for audits
- Mature our security compliance testing program to support continuous controls monitoring in order to maintain an effective environment
- Design information security compliance controls to address current and emerging requirements
- Advise cross-functional teams to ensure software, infrastructure and process changes are implemented in compliance with information security requirements
- Support customer due diligence projects
- Identify and assess security risks in the compliance domain
- Partner with stakeholders to develop remediation plans for identified control gaps and monitor plans towards completion
Preferred Qualifications
- Current or former ISO Lead Auditor certification
- Current or former PCI Qualified Security Assessor (QSA) status
- Experience automating evidence and artifact collection for regulatory bodies
- Experience leveraging GRC tooling to support information security governance, risk and compliance activities
Benefits
- Competitive starting salary
- A discretionary annual bonus
- Long-term incentive in the form of a new hire equity grant
- Comprehensive health plans
- 401(k) with company matching
- Paid Parental Leave
- Flexible time off
- In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle