Principal, Technology and Security Internal Auditor

Empower the Individual Through Crypto

Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement.

At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.

Select roles that are location-specific will still be eligible for flexible schedules.

The Department: Internal Audit

Internal Audit at Gemini is dedicated to providing independent assurance of the design and effectiveness of internal controls while working with business partners to solve problems and optimize the control environment for continued growth. 

The Role: Principal, Technology and Security Internal Audit

Reporting to the Head of Internal Audit, this individual is responsible for managing and executing internal audit activities across Gemini’s Technology and Security departments. The role’s primary responsibilities include building and maintaining relationships with Technology and Security stakeholders (including C-level personnel), evaluating Gemini's Technology and Security control environment and compliance with key regulations and industry technology/security frameworks, managing third-party internal audit consultants, collaborating with the Risk and Compliance departments on control testing activities, and partnering with Technology and Security stakeholders to design remediation solutions for identified issues. The Principal, Technology and Security Internal Audit has a unique opportunity to help us create a modern Internal Audit department in the evolving, fast-paced digital assets industry.

The Principal, Technology and Security Internal Audit will provide a critical role in helping Gemini oversee, manage, and monitor existing and emerging risks, as well as partner with Technology and Security departments in enhancing controls and improving core processes. This individual will drive the scope and execution of internal audits, partner with process owners to develop remediation plans for issues, validate issue remediation, and promote a sustainable Internal Audit program. Internal Audit is one of the few functions that has the opportunity to make an impact on all lines of business to ensure critical processes are well controlled. The ideal candidate is a strong critical thinker, adaptive to evolving regulatory environments and emerging risks, has an open and creative mindset on how to approach risk within a rapidly changing environment, and communicates effectively with Technology and Security leadership. 

Responsibilities:

Direct, manage, and execute Technology and Security internal audits, and assist with technology and security risk considerations across all internal audits, in accordance with professional standards, company policies, and regulatory requirements. This includes scope development, control testing, issue identification and report drafting, as well as oversight of third-party consultants in the execution of these activities.

Build relationships with process owners and stakeholders to provide meaningful improvements, as a result of issues identified during internal audits or during process development, while maintaining the independence of the 3rd Line of Defense.

Develop and recommend remediation plans and mitigating controls where audit issues are identified and collaborate with management to ensure audit issues are resolved in a timely manner.

Evaluate methods to streamline audit approaches and methodologies, improve control testing activities, and enhance risk monitoring 

Assist with Internal Audit reporting to senior leadership, the Audit Committee of the Board, and regulatory bodies, where applicable.

Participate in the annual Internal Audit risk assessment process, including the scoring and documentation of risk ratings. 

Collaborate with the Risk and Compliance departments on control testing activities, maintenance of the process, risk, and control library, and enterprise risk management.

Monitor key regulations and industry technology/security frameworks and proactively collaborate with management to develop controls based on the evolving landscape.

Qualifications:

8+ years experience in an internal audit, risk management and/or controls role, ideally at a high-growth technology company. Experience from financial services, FinTech or Big 4 consulting firms will also be considered.

Experience with auditing Technology and Security related controls in line with standard frameworks (e.g., ISO 27001, NIST, PCI, COBIT, ITIL, FFIEC).

Ability to be flexible in a rapidly changing risk and regulatory landscape and "roll up sleeves" when priorities or project scopes change.

Ability to effectively communicate with process owners and stakeholders up to executive levels related to expectations of internal audit projects and findings that impact their business lines.

Strong written communication skills, including drafting issues and other internal audit documentation for consumption by Management, Audit Committee, and potential regulators.

Previous experience in control identification, control description documentation, and control testing in DevOps and agile focused organizations. 

Basic blockchain or private and public key cryptography understanding.

Proven ability to meet project budget and timeline constraints, and to identify and escalate issues that may impact project progress.

Creative mindset that will allow effective challenge on how the internal audit program and specific internal audit projects are performed to promote continuous improvement.

Strong organizational skills and proven ability to effectively manage and prioritize time amongst various activities.

Bachelor’s degree in Information Systems, Software Engineering, Accounting, Finance, Risk Management or related field, or commensurate work experience.

Experience with implementing automation or other means of gaining efficiencies during audits and determining useful metrics for continuous monitoring of controls under audit is preferred.

It Pays to Work Here

We take a holistic approach to compensation at Gemini, which includes:

Competitive Compensation and Profit-Sharing Equity

Flexible vacation policy

Retirement Plan Matching

Generous Parental leave

Comprehensive health plans

Training and professional development

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.