Manager - Security Governance, Risk and Compliance
NYDIG
2021-12-03 08:50:48
Seattle, Washington, United States
Job type: fulltime
Job industry: Banking & Financial Services
Job description
Introduction
NYDIG is a leading technology and financial services firm accelerating the Bitcoin future. We believe that Bitcoin is not just a new asset class but a potentially powerful force for good. NYDIG's focus is two-fold. First, we aim to provide the best investor solution platform with the most sophisticated suite of products to corporations, asset managers, institutions, and other sophisticated investors. Second, we aim to democratize access by providing a technology platform capable of powering embedded bitcoin products and services for any financial institution. Our team is a group of proven innovators with deep domain expertise across finance and technology. We look for optimistic, passionate, low-ego, excellence-driven people who want to work together on creating impactful solutions. This is a rare opportunity to join a rapidly growing firm innovating in an exciting and dynamic industry.
Description
As the GRC (Security Governance, Risk and Compliance) area manager within the Security team, you'll be building and leading a team that is responsible for designing, operationalizing, and overseeing security control activities across the security organization, as well as the broader company. You will be expected to proactively identify and remediate security risks to enable the business to achieve its goals. To do that, you will be required to remain up to speed with an evolving regulatory environment and to quickly gain an understanding of the growing product suite. The ability to cultivate a solid working relationship with our core product engineering team and others, including engineering, compliance and legal, is a must.
You'll join at an ideal time to make a big impact: NYDIG is seeing high growth, as well as a need for scaling up dramatically. You'll be involved in every step of the process: defining product, designing architecture, managing the team, and recruiting excellent analysts and engineers.
Responsibilities
- Define, implement and operationalize NYDIG's security baselines and controls environment
- Create and operate NYDIG's security governance program
- Define and operationalize NYDIG's risk management program and work with the business and technology teams to support risk identification, tracking and remediation
- Operate NYDIG's security compliance program, including:
  - Assisting NYDIG teams in security compliance related matters, including diligence requests
  - Assisting in completing regulatory filings, exams, and certifications
- Define and operationalize NYDIG's security training program.
Requirements
- 10+ years of experience in a GRC, IT audit or security role
- Working knowledge of IT security and GRC standards (NIST CSF, ISO 27k1, COSO, etc.)
- Experience in testing, monitoring, and reporting on internal controls (background in control design is a plus)
- Experience in conducting or taking part in SOC1/SOC2 audits is a plus
- Demonstrated ability to continuously learn and work independently
- Ability to work effectively in teams of technical and non-technical individuals, including peers in non-technical departments
- Ability to work independently with minimal supervision
- Own the company's problems like they are your own
Benefits
- Highly competitive compensation package
- Generous benefits package including
- Unlimited PTO
- Exceptional benefits package with:
- $1/month premiums for you and your family
- HSA plan option with employer funding
- Dedicated benefit concierge
- Free One Medical membership
- Flexible unmetered Parental Leave policy
- 401k program with company match
- Employer sponsorship for personal/professional development programs (the sky's the limit!)