Lead Security GRC

## Responsibilities: Support Gemini’s response to Regulators, Auditors, Client inquiries, and Due Diligence Questionnaires. Lead Gemini’s efforts to maintain SOC 2 Type 2, ISO27001, PCI DSS, and other security certifications. Lead Gemini security compliance to NYSDFS Reg. 500, CBI, UK FCA and other regulators. Automate the responses to questions from external parties related to Gemini security governance. Develop tooling to track the organization’s cybersecurity risk and compliance status. Lead Gemini’s compliance automation efforts focused on maintaining and validating controls and associated evidence. Research, implementation, and maintenance of compliance related tools: evidence collection automation and control monitoring Collaborate with multiple stakeholders including HR, Legal, Operations, Engineering for maintaining GRC programs. Translate the regulatory requirements into implementable and software driven controls. Orchestrate the enterprise wide business continuity planning and testing with technology teams. Develop and implement strategies to audit internal security/cybersecurity controls. Advise Gemini’s security team and leadership on additional security governance measures. Understand, automate, and regulate internal identity, access, permissions, and entitlements, as it relates to full-time employees as well as contingent workers / contractors / consultants. Serve as a primary point of contact for security issues that require prompt remediation. ## Minimum Qualifications: BA/BS degree or equivalent practical experience. 5 years of experience in the cyber security field developing and/or updating cyber security related documentation, policies, procedures and standards. Strong analytical and creative problem solving skills. Strong interpersonal skills to interact with customers, senior level personnel, auditors, and team members. Strong organization skills to prioritize work and balance complex projects. Ability to work independently and as part of a broader team.