Security Information Analyst (GRC)
NYDIG
2021-12-03 07:34:13
Seattle, Washington, United States
Job type: full-time
Job industry: Banking & Financial Services
Job description
Introduction
NYDIG is a leading technology and financial services firm accelerating the Bitcoin future. We believe that Bitcoin is not just a new asset class but a potentially powerful force for good. NYDIG's focus is two-fold. First, we aim to provide the best investor solution platform with the most sophisticated suite of products to corporations, asset managers, institutions, and other sophisticated investors. Second, we aim to democratize access by providing a technology platform capable of powering embedded bitcoin products and services for any financial institution. Our team is a group of proven innovators with deep domain expertise across finance and technology. We look for optimistic, passionate, low-ego, excellence-driven people who want to work together on creating impactful solutions. This is a rare opportunity to join a rapidly growing firm innovating in an exciting and dynamic industry.
Description
As a security information analyst within the Governance, Risk, and Compliance team, you'll be part of a team that is responsible for designing, operationalizing, and overseeing control activities across the security organization, as well as the broader company. You will be expected to proactively identify and remediate security risks to enable the business to achieve its goals. You will establish security baselines that drive security governance, and drive security awareness across the organization. To do that, you will be required to remain up to speed with an evolving regulatory environment and to quickly gain an understanding of the growing product suite. The ability to cultivate a solid working relationship with our core product engineering team and others, including engineering, compliance and legal, is a must.
Responsibilities
- Build and maintain NYDIG's security baselines and controls environment
- Test operating effectiveness of the defined security controls
- Monitor and report on Security Key Risk Indicators
- Work with the business and technology teams to support risk identification, tracking and remediation
- Assist NYDIG teams in security compliance related matters including diligence requests
- Assist in completing regulatory filings, exams, and certifications
- Support security and legal teams in addressing client Personally Identifiable Information (PII) requests
- Assist in developing and maintaining security policies
Requirements
- 2+ years of experience in a GRC, IT audit or security role
- Working knowledge of IT security and GRC standards (NIST CSF, ISO 27k1, COSO, etc.)
- Experience in testing, monitoring, and reporting on internal controls (background in control design is a plus)
- Experience in conducting or taking part in SOC1/SOC2 audits is a plus
- Demonstrated ability to continuously learn and work independently
- Ability to work effectively in teams of technical and non-technical individuals, including peers in non-technical departments
- Ability to work independently with minimal supervision
- Own the company's problems like they are your own
Benefits
- Highly competitive compensation package
- Generous benefits package including
- Unlimited PTO
- Exceptional benefits package with:
- $1/month premiums for you and your family
- HSA plan option with employer funding
- Dedicated benefit concierge
- Free One Medical membership
- Flexible unmetered Parental Leave policy
- 401k program with company match
- Employer sponsorship for personal/professional development programs (the sky's the limit!)