Lead, Security GRC
Remote (USA)
About the Company
Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.
Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency.
At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.
In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.
The Department: Security Governance, Risk & Compliance
The Role: Lead, Security GRC
Gemini has an exciting opportunity for a Security GRC Lead in the Governance domain. This role will have a mix of strategic and operational responsibilities working with cross functional stakeholders to manage Gemini’s security governance strategy and framework. This includes developing a long-term governance strategy and roadmap, leading the cross functional security governance workgroup with stakeholders in privacy, data analytics and infrastructure engineering teams. A successful candidate will have a deep understanding of the technical aspects of the Governance domain and can independently manage multiple ongoing projects and operational work while supporting junior colleagues on the GRC team.
Responsibilities:
- Strategy & Frameworks:
- Develop and implement a comprehensive governance strategy, applying industry-leading practices and methodologies to achieve organizational goals.
- Establish and maintain security governance frameworks, policies, and procedures to ensure data security, privacy, and compliance with applicable laws and standards.
- Collaborate with data analytics and business teams to define and document data requirements, standards, and processes.
- Drive automation projects in the security governance domain to streamline processes and improve efficiency.
- Metrics & Reporting:
- Develop and maintain dashboards and metrics to measure governance performance, data security, and compliance, providing regular updates to senior leadership.
- Establish and track key performance indicators (KPIs) to assess the effectiveness of governance programs and initiatives.
- Data Governance:
- Develop, implement, and enforce data governance policies, standards, and procedures to manage risks and support business objectives.
- Lead the periodic entitlement review program to ensure effective access management and oversight.
- Training & Awareness:
- Design and deliver annual security awareness training to enhance the organization’s governance culture and compliance posture.
- Stay informed on evolving governance and privacy regulations, providing guidance to ensure ongoing compliance.
- Compliance & Certification Support:
- Support efforts to maintain SOC 2 Type 2, ISO27001, PCI DSS, and other relevant security certifications.
- Ensure compliance with regulatory requirements, including NYSDFS Reg. 500, CBI, and UK FCA, by implementing and overseeing governance frameworks.
- Collaboration & Communication:
- Serve as a key advisor to security teams and leadership on governance-related risks, controls, and remediation strategies.
- Collaborate with cross-functional teams and data owners to enforce governance roles, responsibilities, and accountability.
Minimum Qualifications:
- Bachelor’s degree in a technical domain, or equivalent experience.
- 10+ years of experience in the Security GRC domain, with an emphasis on security governance and strategy development.
- Demonstrated experience developing and implementing governance strategies and programs, including metrics and reporting mechanisms.
- Strong knowledge of governance frameworks and methodologies (e.g., COBIT, NIST).
- Proven ability to develop, implement, and maintain governance documentation, including policies, procedures, and standards.
- Experience leading cross-functional teams in the GRC domain.
- Strong experience in managing operational governance programs and projects such as access reviews and security training.
- Familiarity with regulatory requirements and certifications, such as SOC 2 Type 2, ISO27001, PCI DSS, GDPR, CCPA and NYSDFS Reg. 500.
- Strong analytical and creative problem-solving skills, with the ability to manage complex projects.
- Exceptional organizational skills and the ability to prioritize effectively in a fast-paced environment.
- Excellent interpersonal and communication skills, with experience collaborating with senior leaders, auditors, and diverse teams.
- Proficiency in governance and compliance tools/technologies is an advantage.
Preferred Qualifications:
- Governance experience in highly regulated industries such as finance, healthcare, or technology.
- Hands-on experience with security and governance tools, automation platforms, and analytics dashboards.
- Familiarity with cloud governance principles for AWS, Azure, or Google Cloud.
- Experience leveraging GRC tooling to support information security governance, risk and compliance activities.
- Competitive starting salary
- A discretionary annual bonus
- Long-term incentive in the form of a new hire equity grant
- Comprehensive health plans
- 401K with company matching
- Paid Parental Leave
- Flexible time off
Salary Range: The base salary range for this role is between $122,000 - $152,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.
#LI-JS2
ApplyJob Profile
Must work from office twice a week if within 30 miles of NYC or Seattle
Benefits/PerksAnnual bonus Competitive starting salary Comprehensive health plans Discretionary annual bonus Equity grant Flexible hybrid work policy Flexible time off Health plans Hybrid work In-person collaboration In-person collaboration opportunities Long-term incentive Paid parental leave Remote-first workforce
Tasks- Collaborate with stakeholders
- Develop governance strategy
- Develop metrics and dashboards
- Documentation
- Drive automation projects
- Ensure compliance
- Ensure compliance with regulations
- Implement security frameworks
Analytical Analytics Automation AWS Azure Benefits Cloud Collaboration Communication Compensation Compliance Crypto Cryptocurrency Data & Analytics Data Governance Documentation Engineering Finance Governance Information security Infrastructure Interpersonal ISO 27001 KPI Tracking Leadership Metrics Development Organization Organizational PCI DSS Problem-solving Project Management Reporting Risk Management Security Security Awareness Training Security governance SOC 2 Tooling Training Web3 Workday
Education Certifications TimezonesAmerica/Anchorage America/Chicago America/Denver America/Los_Angeles America/New_York Pacific/Honolulu UTC-10 UTC-5 UTC-6 UTC-7 UTC-8 UTC-9