Associate, Security GRC

Empower the Individual Through Crypto

Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement.

At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.

Select roles that are location-specific will still be eligible for flexible schedules.

The Department: Security Governance, Risk & Compliance (GRC)

In the emerging industry of digital assets, there is nothing more important than trust (which is why Gemini’s very first hires were Security experts). The Gemini Security team forms the backbone of all that we do and is as diverse as the number of challenges we tackle in the crypto space. From security architecture and engineering to maintenance of cold storage systems and data centers to cybersecurity and litigation support, our team ensures that our customers, clients, and employees are safe, secure, and supported.

The Role: Associate, Cybersecurity GRC

Gemini has an exciting opportunity for a Security Governance Risk and Compliance (“GRC”) Associate specializing in Security Governance and Data Security. We’re searching for a highly proactive and technical individual with a proven track record of successfully completing security audits, interfacing with regulators, and satisfying client security requests. In this role, you’ll work alongside the rest of the GRC team to ensure policies, procedures, and guidelines align with regulatory requirements and security frameworks. You’ll also work with other internal teams at Gemini to align security goals and objectives with business stakeholders. 

This position is full-time and will report to a Manager within the Security GRC team.

Responsibilities:

• Assess, communicate, and develop strategies for mitigating key security risks.
• Audit Gemini systems against leading industry baseline security configurations.  
• Develop and implement strategies for testing and implementing internal cybersecurity controls. 
• Contribute ideas and suggestions to the team and leadership for additional policies, procedures, and standards.
• Serve as a primary point of contact for security issues that require prompt remediation.
• Advise management of potential areas of concern with suggested mitigation strategies.
• Monitor the regulatory environment while advising the organization in meeting any changing requirements.

Qualifications:

• BA/BS degree or equivalent practical experience.
• Experience in the cyber security field developing and/or updating cyber security related documentation, policies, procedures and standards.
• Strong analytical and creative problem solving skills.
• Strong interpersonal skills to interact with customers, senior level personnel, auditors, and team members.
• Strong organization skills to prioritize work and balance complex projects.
• Experience partnering with cross-functional teams such as Data, Incident Response, and Application Security.
• Ability to work independently and as part of a broader team.
• Experience automating evidence and artifact collection for regulatory bodies.
• Familiarity with data security principles, privacy standards, and applicable laws. 
• Understanding of endpoint security, networking, and application-layer gateway technologies.
• Operational knowledge of systems, databases, and network security best practices.
• Experience with IDS, DLP, and SIEM tooling.
• Experience with cloud-native environments.

It Pays to Work Here

We take a holistic approach to compensation at Gemini, which includes:

• Competitive Compensation and Profit-Sharing Equity
• Flexible vacation policy
• Retirement Plan Matching
• Generous Parental leave
• Comprehensive health plans
• Training and professional development

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1

#LI-REMOTE