Lead, IT Risk
Gemini · New York, NY · 4 days ago
RemoteRemoteInformation Technology$99k–$142k/yrFull-time
Responsibilities
- Risk Assessment & Monitoring
- Execute the IT Risk Management Framework, including risk identification, analysis, and reporting.
- Conduct annual IT risk assessments, including RCSAs, targeted risk reviews, and new product/key initiative assessments.
- Maintain the IT risk register; ensure timely updates and accurate reporting of exposures.
- Perform post-mortem risk reviews for critical incidents and support operational loss reviews with ORM.
- Governance & Frameworks
- Assist the Head of IT Risk in maintaining risk policies, standards, and procedures that align with Gemini’s enterprise risk management program and regulatory expectations (NYDFS, DFS, OCC, CFTC).
- Coordinate with Technology and Security teams to ensure policies and controls are properly implemented and followed.
- Help prepare materials for risk committees, regulators, and senior leadership.
- Controls & Testing
- Partner with Internal Audit, IT, Security, and BCM to assess design and operating effectiveness of IT and cyber controls.
- Support control testing for internal/external audits, RCSAs, and regulatory examinations.
- Track remediation and validate closure of issues using GRC tool(s).
- Collaboration & Stakeholder Management
- Serve as a liaison between IT Risk and other functional areas, facilitating risk awareness and control adoption.
- Provide guidance to IT teams on risk and control considerations for new projects, initiatives, and system changes.
- Contribute to risk awareness training and initiatives across the organization.
- Reporting & Metrics
- Aid in the development of periodic risk dashboards and key risk indicators (KRIs).
- Support the Head of IT Risk in communicating IT risk posture to senior leadership.
- Support development of IT & Security dashboards; ensure metric accuracy and timely updates.
- Business Continuity & Resilience
- Execute and maintain the Business Continuity Management (BCM) program, including governance artifacts, testing, audits, and issue remediation.
- Assess and manage business continuity risks, including people dependencies, facilities, physical security, and third-party operational resilience.
- Drive crisis response and regulatory notifications (e.g., NYDFS), including escalation, documentation, and external stakeholder coordination.
- Validate vendor BCM compliance and define and monitor business impact thresholds (RTOs, RPOs, tolerances), supporting ongoing impact assessments and reporting.
- Bachelor’s or advanced degree in Information Security, Risk Management, or related field.
- 8+ years of experience in IT internal audit, IT risk management, or related roles in highly regulated industries with strong knowledge of IT risk, cybersecurity, operational risk, and third-party/vendor risk.
- Proven experience in implementing risk management frameworks, control testing, and data governance.
- Familiarity with regulatory requirements (NYDFS, SOC2, PCI DSS).
- Excellent communication and stakeholder engagement skills.
- Previous experience working at a digital asset institution.
- At least one relevant industry certification (e.g., CISSP, CISM, CRISC, CISA).
- Experience with GRC tools (e.g., AuditBoard, Archer).
- Strong executive presence with ability to drive enterprise-wide alignment.