Principal Internal Auditor, Technology and Security at Gemini (Greater NYC Area, NY or Remote)
Empower the Individual Through Crypto
Gemini is a crypto exchange and custodian that allows customers to buy, sell, store, and earn more than 30 cryptocurrencies like bitcoin, bitcoin cash, ether, litecoin, and Zcash. Gemini is a New York trust company that is subject to the capital reserve requirements, cybersecurity requirements, and banking compliance standards set forth by the New York State Department of Financial Services and the New York Banking Law. Gemini was founded in 2014 by twin brothers Cameron and Tyler Winklevoss to empower the individual through crypto.
Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we want to help you buy, sell, and store your bitcoin and cryptocurrency. Crypto is not just a technology, it's a movement.
At Gemini, our mission is to empower the individual and that includes giving our employees flexibility of choice — our Office Optional Policy allows employees to choose to work from one of our physical locations or from home.
Select roles that are location-specific will still be eligible for flexible schedules.
The Department: Internal Audit
Internal Audit at Gemini is dedicated to providing independent assurance of the design and effectiveness of internal controls while working with business partners to solve problems and optimize the control environment for speed and reliability.
The Role: Principal Internal Auditor, Technology and Security
Reporting to the Head of Internal Audit, this individual is responsible for leading and executing internal audit activities across Gemini’s Technology and Security departments. The role’s primary responsibilities include building and maintaining relationships with Technology and Security stakeholders (including C-level personnel), evaluating Gemini's Technology and Security control environment, managing third-party internal audit consultants, collaborating with the Risk and Compliance departments on control testing activities, and partnering with Technology and Security stakeholders to recommend remediation solutions for identified issues. The Principal Internal Auditor, Technology and Security has a unique opportunity to help us create a modern Internal Audit department in the evolving, fast-paced digital assets industry.
The Principal Internal Auditor, Technology and Security will provide a critical role in helping Gemini oversee, manage, and monitor existing and emerging risks while delivering value to our customers with speed and reliability. This individual will drive the scope and execution of internal audits, partner with process owners to develop issue remediation plans, validate issue remediation activities, and promote a sustainable Internal Audit program. Internal Audit is one of the few functions that has the opportunity to make an impact on all lines of business to ensure critical processes are well controlled. The ideal candidate is a strong critical thinker that quickly adapts to evolving regulatory environments and emerging risks, makes good and fast decisions in an organization moving at high velocity, rolls up their sleeves to get things done, and communicates effectively with Technology and Security leadership with a focus on results.
- Direct, manage, and execute Technology and Security internal audits, and assist with technology and security risk considerations across all internal audits, in accordance with professional standards, company policies, and regulatory requirements. This includes scope development, control testing, issue identification and report drafting, as well as oversight of third-party consultants in the execution of these activities.
- Build relationships with process owners and stakeholders to provide meaningful improvements as a result of issues identified during internal audits or during process development, while maintaining the independence of the 3rd Line of Defense.
- Develop and recommend remediation plans and mitigating controls where audit issues are identified and collaborate with management to ensure audit issues are resolved in a timely manner.
- Evaluate methods to streamline audit approaches and methodologies, improve control testing activities, and enhance risk monitoring.
- Assist with Internal Audit reporting to senior leadership, the Audit Committee of the Board, and regulatory bodies, where applicable.
- Participate in the annual Internal Audit risk assessment process, including the scoring and documentation of risk ratings.
- Collaborate with the Risk and Compliance departments on control testing activities, maintenance of the process, risk, and control library, and enterprise risk management.
- Monitor key regulations and industry technology/security frameworks and proactively collaborate with management to develop controls based on the evolving landscape.
- 8+ years experience in an internal audit, risk management and/or controls role, ideally at a high-growth technology company. Experience from financial services, FinTech or Big 4 consulting firms will also be considered.
- Experience with auditing Technology and Security related controls in line with standard frameworks (e.g., ISO 27001, NIST, PCI, COBIT, ITIL, FFIEC).
- Ability to be flexible in a rapidly changing risk and regulatory landscape and "roll up sleeves" when priorities or project scopes change.
- Ability to effectively communicate with process owners and stakeholders up to executive levels related to expectations of internal audit projects and findings that impact their business lines.
- Strong written communication skills, including drafting issues and other internal audit documentation for consumption by Management, Audit Committee, and regulators.
- Previous experience in control identification, control description documentation, and control testing in DevOps and agile focused organizations.
- Proven ability to meet audit budget and timeline constraints and to identify and escalate issues that may impact audit progress.
- Creative mindset that effectively challenges the internal audit program to promote continuous improvement.
- Strong organizational skills and proven ability to effectively manage and prioritize time amongst various activities.
- Bachelor’s degree in Information Systems, Software Engineering, Accounting, Finance, Risk Management or related field, or commensurate work experience.
- Experience with implementing automation or other means of gaining efficiencies during audits and determining useful metrics for continuous monitoring of controls under audit is preferred.
It Pays to Work Here
We take a holistic approach to compensation at Gemini, which includes:
- Competitive Compensation and Profit-Sharing Equity
- Flexible vacation policy
- Retirement Plan Matching
- Generous Parental leave
- Comprehensive health plans
- Training and professional development
At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace and affirmative action employer. If you have a specific need that requires accommodation, please let a member of the People Team know.