Cybersecurity GRC Analyst

Bitcoin Depot is looking for a Cybersecurity GRC Analyst with 3-5 years of experience in the financial services industry to assist with our governance, risk, and compliance (GRC) efforts. The right candidate will be instrumental in ensuring regulatory compliance, improving risk management practices, and enhancing security controls. Responsibilities will include coordinating and managing internal and external security audits and collaborating with our compliance team, internal and external auditors, and the Bitcoin Depot Cybersecurity team. 

Bitcoin Depot is the largest Bitcoin ATM Network in the world offering users the ability to buy and sell Bitcoin at thousands of BTM and BDCheckout locations.

We are proud to be an Atlanta Journal-Constitution Top Work Place for 2021 and 2022, the inc 5000, and placing on the ACG Georgia Fast 40 list for two consecutive years. We currently trade on the NASDAQ under the ticker symbol BTM. 

In this role, the successful candidate will possess the following skills and experience, including but not limited to the following.

Areas of Responsibility include: 

Governance & Compliance:

• Support the management of Information Security governance and ensure adherence to Cybersecurity policies and standards.
• Familiar with compliance with financial regulations (SOX, SEC,  CCPA/CRPA, GDPR, Australia Privacy Act)  
• Work closely with the IT Operations and Compliance team to identify, address, and resolve key Cybersecurity risks and issues promptly.
• Assist in developing, implementing, and maintaining GRC policies, procedures and framework based on NIST 800-53. 
• Manage training and security awareness programs. 
• Conduct and manage periodic security testing activities (e.g. penetration testing, DR exercises), including training of DR participants on roles and duties. 
• Conduct and manage internal and external audits and certification and security questionnaire responses. 
• Assist in generating internal and external relevant security metrics and reports for CISO and Cybersecurity and audit committee 
• Stay updated on regulatory changes and advise on potential impacts

Risk Management: 

• Perform risk assessments and identify gaps in financial and information security controls.
• Develop and monitor risk mitigation plans in collaboration with key stakeholders.
• Support third-party risk management (TPRM) process, ensuring vendor compliance with security standards. 
• Work with internal teams to assess and improve business continuity and incident response plans. 

Security & Controls:

• Prepare reports and dashboards for risk posture,  compliance status,  audit findings.
• Educate employees on GRC policies, security best practices,  and regulatory requirements.
• Serve as liaison between internal teams, external auditors,  and regulatory bodies. 

Preferred Qualifications:

• 3-5 years of GRC, risk management, compliance, and/or IT audit, preferably in banking fintech or financial services. 
• Strong knowledge of financial regulations such as SOX, SEC,  CCPA/CRPA, GDPR, and Australia Privacy Act).
• Familiarity with risk management frameworks (NIST,  ISO 27001) 
• Strong analytical, problem-solving, and communication skills.
• Relevant certifications  - CISA, CRISK, CISM, CISSP
• Excellent interpersonal skills, comfortable working at all organizational levels and in various situations.
• An ability to translate security requirements and standards into easily understood business concepts and vice versa.
• Relevant experience with certification/audit (e.g, GDRP, SOC Type I, Type II) is desirable.
• Experience working with third-party vendors and reviewing and conducting annual VAQs
• Experience working with cloud solutions AWS, Azure, and GCP

Benefits:

• 401K Matching
• Health benefits offered with a company contribution towards premiums
• Paid wellness membership
• Equity 
• Paid time off & holidays
• Annual in-person team building events
• Virtual team building events
• Remote first environment

Bitcoin Depot provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.