Lead – Security GRC
Posted on 2/28/2024

501-1,000 employees

Cryptocurrency exchange platform
Company Overview
Gemini Trust Company, LLC stands out as a leading cryptocurrency exchange and custodian, offering customers a secure platform to buy, sell, stake, and store digital assets while adhering to the highest fiduciary obligations, capital reserve requirements, and banking compliance standards. The company's culture is rooted in transparency and security, with features like 'Approved Addresses' that enhance customers' control over their cryptocurrency transactions. Founded by the Winklevoss twins in 2015, Gemini has consistently demonstrated industry leadership in bridging the gap between traditional finance and the future of money.
Financial Services
Crypto & Web3

Company Stage

Series A

New York, New York

Remote in USA
IT & Security
  • BA/BS degree or equivalent practical experience
  • 5 years of experience in the cybersecurity field developing and/or updating cybersecurity-related documentation, policies, procedures, and standards
  • Strong analytical and creative problem solving skills
  • Strong interpersonal skills to interact with customers, senior level personnel, auditors, and team members
  • Strong organization skills to prioritize work and balance complex projects
  • Ability to work independently and as part of a broader team
  • Support Gemini’s response to Regulators, Auditors, Client inquiries, and Due Diligence Questionnaires
  • Lead Gemini’s efforts to maintain SOC 2 Type 2, ISO27001, PCI DSS, and other security certifications
  • Lead Gemini's security compliance with NYSDFS Reg. 500, CBI, UK FCA, and other regulators
  • Automate the responses to questions from external parties related to Gemini security governance
  • Develop tooling to track the organization’s cybersecurity risk and compliance status
  • Lead Gemini’s compliance automation efforts focused on maintaining and validating controls and associated evidence
  • Research, implement, and maintain compliance-related tools for evidence collection automation and control monitoring
  • Collaborate with multiple stakeholders including HR, Legal, Operations, Engineering for maintaining GRC programs
  • Translate regulatory requirements into implementable, software-driven controls
  • Orchestrate enterprise-wide business continuity planning and testing with technology teams
  • Develop and implement strategies to audit internal security/cybersecurity controls
  • Advise Gemini’s security team and leadership on additional security governance measures
  • Understand, automate, and regulate internal identity, access, permissions, and entitlements, as it relates to full-time employees as well as contingent workers / contractors / consultants
  • Serve as a primary point of contact for security issues that require prompt remediation
Desired Qualifications
  • Former/Current ISO lead auditor certification
  • Former/Current PCI Qualified Security Assessor (QSA)
  • Experience with automation of GRC initiatives and priorities
  • Understanding of endpoint security, networking, and application-layer gateway technologies
  • Operational knowledge of systems, databases, and network security best practices
  • Experience with IDS, DLP, and SIEM tooling
  • Experience with cloud-native environments