About the company
Gemini is a regulated cryptocurrency exchange, wallet, and custodian that makes it simple and secure to buy bitcoin, ether, and other cryptocurrencies.
Job Summary
Responsibilities:
šRisk Assessment & Monitoring šExecute the IT Risk Management Framework, including risk identification, analysis, and reporting. šConduct annual IT risk assessments, including RCSAs, targeted risk reviews, and new product/key initiative assessments. šMaintain the IT risk register; ensure timely updates and accurate reporting of exposures. šPerform post-mortem risk reviews for critical incidents and support operational loss reviews with ORM. šGovernance & Frameworks šAssist the Head of IT Risk in maintaining risk policies, standards, and procedures that align with GeminiĆ¢ĀĀs enterprise risk management program and regulatory expectations (NYDFS, DFS, CFTC, DORA EU 2025). šCoordinate with Technology and Security teams to ensure policies and controls are properly implemented and followed. šHelp prepare materials for risk committees, regulators, and senior leadership. šControls & Testing šPartner with Internal Audit, IT, Security, and BCM to assess design and operating effectiveness of IT and cyber controls. šSupport control testing for internal/external audits, RCSAs, and regulatory examinations. šTrack remediation and validate closure of issues using GRC tool(s). šCollaboration & Stakeholder Management šServe as a liaison between IT Risk and other functional areas, facilitating risk awareness and control adoption. šProvide guidance to IT teams on risk and control considerations for new projects, initiatives, and system changes. šContribute to risk awareness training and initiatives across the organization. šReporting & Metrics šAssist in the development of periodic risk dashboards and key risk indicators (KRIs). šSupport the Head of IT Risk in communicating IT risk posture to senior leadership. šSupport development of IT & Security dashboards; ensure metric accuracy and timely updates.
Minimum Qualifications:
šBachelor's or advanced degree in a relevant field (e.g., Information Security, Risk Management). š8+ years of experience in IT internal audit, IT risk management, or related roles in highly regulated industries with strong knowledge of IT risk, cybersecurity, operational risk, and third-party/vendor risk. šProven experience in implementing risk management frameworks, control testing, and data governance. šFamiliarity with regulatory requirements (NYDFS, SOC2, PCI DSS, DORA EU). šExcellent communication and stakeholder engagement skills.
The future of finance is here ā whether youāre interested in blockchain, cryptocurrency, or remote web3 jobs, thereās a perfect role waiting for you.
