Manager, Technology Risk

Gemini•San Francisco, NY

29d•Hybrid

About The Position

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all — bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Risk At Gemini, our Risk function plays a critical role in proactively identifying, assessing, responding to, and communicating Gemini’s exposure, both internally and externally. Gemini is building a robust second line of defense in a first-of-its kind industry; our goal: safeguard Gemini and our users so that we can continue to empower the individual through crypto. The Role: Manager, Technology Risk The Manager of Technology Risk position is predominantly focused on helping the overall risk management group and different areas of technology to come together. This role will be helping establish areas from a risk and control perspective and working as a bridge between IT and security stakeholders, the business and the risk management department. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office.

Requirements

Bachelor's or advanced degree in a relevant field (e.g., Information Security, Risk Management).
8+ years of experience in IT internal audit, IT risk management, or related roles in highly regulated industries with strong knowledge of IT risk, cybersecurity, operational risk, and third-party/vendor risk.
Proven experience in implementing risk management frameworks, control testing, and data governance.
Familiarity with regulatory requirements (NYDFS, SOC2, PCI DSS, DORA EU).
Excellent communication and stakeholder engagement skills.

Nice To Haves

Previous experience working at a digital asset institution.
At least one relevant industry certification (e.g., CISSP, CISM, CRISC, CISA).
Experience with GRC tools (e.g., AuditBoard, Archer).
Strong executive presence with ability to drive enterprise-wide alignment.

Responsibilities

Risk Assessment & Monitoring Execute the IT Risk Management Framework, including risk identification, analysis, and reporting.
Conduct annual IT risk assessments, including RCSAs, targeted risk reviews, and new product/key initiative assessments.
Maintain the IT risk register; ensure timely updates and accurate reporting of exposures.
Perform post-mortem risk reviews for critical incidents and support operational loss reviews with ORM.
Governance & Frameworks Assist the Head of IT Risk in maintaining risk policies, standards, and procedures that align with Gemini’s enterprise risk management program and regulatory expectations (NYDFS, DFS, CFTC, DORA EU 2025).
Coordinate with Technology and Security teams to ensure policies and controls are properly implemented and followed.
Help prepare materials for risk committees, regulators, and senior leadership.
Controls & Testing Partner with Internal Audit, IT, Security, and BCM to assess design and operating effectiveness of IT and cyber controls.
Support control testing for internal/external audits, RCSAs, and regulatory examinations.
Track remediation and validate closure of issues using GRC tool(s).
Collaboration & Stakeholder Management Serve as a liaison between IT Risk and other functional areas, facilitating risk awareness and control adoption.
Provide guidance to IT teams on risk and control considerations for new projects, initiatives, and system changes.
Contribute to risk awareness training and initiatives across the organization.
Reporting & Metrics Assist in the development of periodic risk dashboards and key risk indicators (KRIs).
Support the Head of IT Risk in communicating IT risk posture to senior leadership.
Support development of IT & Security dashboards; ensure metric accuracy and timely updates.