Web3 Jobs with 401(k) plan

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

The Department: Security Governance, Risk & Compliance

The Role: Director, Security GRC

The Security Governance, Risk, and Compliance (GRC) Director is responsible for overseeing the development, implementation, and management of comprehensive security governance, risk management, audit and compliance programs within the organization. This role involves developing the strategy for the GRC organization and ensuring that it stays abreast of evolving needs. The incumbent will be collaborating with various departments to ensure adherence to security policies, procedures, and regulatory requirements, while also identifying and driving mitigations for security risks effectively.

Responsibilities:

• Security Governance:
• Develop, implement, and maintain security governance frameworks, policies, standards, and procedures.
• Establish and chair security governance committees to review, approve, and oversee security initiatives and strategies.
• Ensure alignment of security governance with organizational objectives and industry best practices.
• Risk Management:
• Conduct risk assessments to identify, evaluate, and prioritize security risks across the organization.
• Develop risk mitigation strategies and plans to address identified risks effectively.
• Monitor and report on the effectiveness of risk mitigation efforts, adjusting strategies as necessary.
• Security Engineering:
• Develop and execute a comprehensive security engineering strategy aligned with Gemini’s business objectives.
• Lead and mentor the Security Engineering team, fostering a culture of security excellence and continuous improvement.
• Build/buy security technologies, tools, and evaluate vendors to enhance our security posture.
• Collaborate with Engineering, Legal, Risk and Product management teams to ensure alignment.
• Compliance Management:
• Stay abreast of relevant laws, regulations, and industry standards related to information security.
• Develop and maintain compliance programs to ensure adherence to applicable regulations and standards (e.g., GDPR, HIPAA, ISO 27001).
• Coordinate with legal and regulatory affairs teams to address compliance requirements and regulatory inquiries.
• Security Policy and Procedure Management:
• Develop, review, and update security policies, procedures, and guidelines in accordance with changing organizational needs and regulatory requirements.
• Communicate security policies and procedures to relevant stakeholders, ensuring understanding and compliance.
• Vendor Risk Management:
• Establish and maintain processes for evaluating and managing security risks associated with third-party vendors and partners.
• Conduct vendor security assessments and due diligence reviews to ensure compliance with security requirements.
• Audit:
• Develop a roadmap and plan for all applicable audits.
• Work with other key stakeholders across the company, including engineering, internal Audit, Risk Management, compliance and legal teams as well as other security teams to ensure audit readiness.
• Interface with external auditors, regulators and standards organizations as necessary to drive changes that are beneficial to the company and the industry.
• Security Awareness and Training:
• Develop and deliver security awareness and training programs to educate employees on security risks and best practices.
• Monitor and measure the effectiveness of security awareness initiatives, adjusting strategies as needed.

Minimum Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field. Advanced degree (e.g., Master's, MBA) or equivalent industry experience.
• 12+ years of experience in security governance, risk management, and compliance roles, with a focus on information security in a technical environment.
• Deep understanding of security frameworks, regulations, and standards (e.g., NIST Cybersecurity Framework, GDPR, HIPAA, ISO 27001).
• Strong leadership and communication skills, with the ability to effectively engage and influence stakeholders at all levels of the organization.
• Excellent analytical and problem-solving abilities, with a focus on practical solutions to complex security challenges.
• Experience working in regulated industries (e.g., healthcare, finance) is highly desirable.
• Ability to adapt to a fast-paced, dynamic environment and manage multiple priorities effectively.

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $227,000 - $284,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1