Security and GRC Manager

Bitcoin Depot is seeking a  Security and GRC Manager  to lead Security, GRC and IT end point management.  In this exciting  role you will be responsible for managing and implementing (hands on) security policies across the Bitcoin Depot organization including 3rd party vendor assessments, incident management execution, and responding to compliance and regulatory questionnaires as well as internal IT security audits. In addition to these responsibilities, you will also be responsible for managing Bitcoin Depot end point management and security. 

Bitcoin Depot is the largest Bitcoin ATM Network in the world offering users the ability to buy and sell Bitcoin at thousands of BTM and BDCheckout locations.

We are proud to be an Atlanta Journal-Constitution Top Work Place for 2021 and 2022, the inc 5000, and placing on the ACG Georgia Fast 40 list for two consecutive years. We currently trade on the NASDAQ under the ticker symbol BTM.

In this role, the successful candidate will possess the following skills and experience, including but not limited to the following

Essential Functions:

• Ensure the security and safety of all business information, both at rest and in transit. 
• Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements.
• Partner with engineering and DevOps on secure architecture.
• Partner with Compliance and Legal on regulatory requirements. 
• Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security.
• Manage Infrastructure Security.
• Enhance and maintain the current network per IT policy.
• Analyze security breaches to determine root cause, then mitigate any discovered issues.
• Participate in architecture reviews and provide security approvals.
• Manage security incident policy and response plan execution.
• Provide quarterly and security assessment reviews.
• Conduct all 3rd party vendor security assessment.
• Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.).
• Maintain and administer security awareness training curriculum for employees.
• Lead certification efforts for SOC 2, SOX ITGC Audits.
• Work cross-functionally within the company to fulfill security requirements. 

Requirements:

• 2+ years of people management experience.
• Experience configuring/securing Linux/Windows endpoints and environments.
• Experience working and securing AWS, GCP and other cloud infrastructure environment.
• Experience working with EntraID,  Google Workspace and IAM management. 
• Experience with endpoint VPN, security, OS Patch and third party patch management. 
• Experience with forensic investigations of network intrusions/data breaches.
• Experience with GDPR, SOC2, NIST, SOX ITGC and other consumer protection laws.
• Experience with leading certification for SOC 2, SOX ITGC audits.
• Experience with managing firewalls including AWS and GCP security and Fortinet.
• Experience working with third-party vendors.
• Experience using Jira ticketing system.
• Bachelor’s degree in computer science or related field.
• 5+ years of Cybersecurity, GRC, Endpoint Management experience

Preferred Qualifications:

• Certified Information Systems Security Professional (CISSP).
• Certified Ethical Hacker certification.
• Experience with NIST/ ISO 27001 security frameworks.
• Experience working in FinTech and or Cryptocurrency space.

Essential Functions:

• Ensure the security and safety of all business information, both at rest and in transit. 
• Work with Policy and Compliance to build and maintain IT networks and systems that adhere to government/contractual requirements.
• Manage Vulnerability review and work with IT operations to regularly perform internal and external scans and audits and fix any identified issues to ensure IT security.
• Manage Infrastructure Security.
• Enhance and maintain the current network per IT policy.
• Analyze security breaches to determine root cause, then mitigate any discovered issues.
• Participate in architecture reviews and provide security approvals. 
• Manage security incident policy and response plan execution.
• Provide quarterly and security assessment reviews.
• Conduct all 3rd party vendor security assessment.
• Manage and maintain perimeter defense systems (firewalls, VPN tunnels, etc.).
• Maintain and administer security awareness training curriculum for employees.
• Experience with GDPR, CCPA, and other consumer protection laws.
• Work closely with other teams within the Company to fulfill security requirements.

Requirements:

• Experience configuring/securing Linux/Windows Server environments.
• Experience working with AWS and Microsoft Azure environment.
• Experience working with securing Docker containers and Microservices.
• Experience with forensic investigations of network intrusions/data breaches.
• Experience with Fortinet or Cisco networking systems.  Fortinet preferred.
• Experience working with third-party vendors. 
• Experience working with offshore teams. 
• Experience using Jira ticketing system.
• Bachelor’s degree in computer science or related field.
• 5+ years in Management.
• 5+ years of Cybersecurity, DevOps, and DevOpsSecurity experience 

Preferred Qualifications:

• Certified Information Systems Security Professional (CISSP).
• Certified Ethical Hacker certification.
• Experience with NIST/ ISO 27001 security frameworks.
• Experience working in FinTech and or Cryptocurrency space.

Benefits

• 401K Matching
• Health benefits offered with a company contribution towards premiums
• Paid wellness membership
• Equity 
• Paid time off & holidays
• Annual in-person team building events
• Virtual team building events
• Remote first environment

Bitcoin Depot provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.