VP, IT Risk and Control Manager

Join to apply for the VP, IT Risk and Control Manager role at Galaxy.

Who We Are
At Galaxy, we build products and services to help the world invest in economic progress. We believe in crypto and blockchain innovations to permeate and improve the global economy. Our vision is a society where value and ownership flow as freely as information. Galaxy is a digital asset and blockchain leader aiding institutions, startups, and individuals in navigating the crypto economy. We offer platform solutions across three main areas: Global Markets, Asset Management, and Digital Infrastructure Solutions, including trading, lending, strategic advisory, investment solutions, bitcoin mining, network validation, and custodial technology. Led by CEO Michael Novogratz, our team is composed of crypto enthusiasts and industry veterans. Our headquarters are in New York City, with offices worldwide.

What We Value
We are a diverse team of free thinkers and fast movers, committed to high performance, transparency, and a mission-first culture. Our core values include seeking excellence, being effective through selectivity, maintaining alignment with flexibility, encouraging open disagreement, fostering independent decision-making, and building strong teams.

Who You Are
We are seeking a highly experienced IT Risk and Control Manager for our London-based team. This role will lead IT risk management, control governance, support regulatory compliance under UK, EU, and US cybersecurity standards, and oversee third-party ICT risk assessments. It is vital for ensuring Galaxy Digital’s compliance as a regulated Virtual Asset Service Provider (VASP).

What You’ll Do

• Monitor and test IT controls, report deficiencies, oversee remediation
• Manage internal audit findings and risk action plans
• Ensure UK operations align with group IT governance standards

• Ensure compliance with UK, EU, and US laws including NIS, PRA SS1/21, FCA SYSC, DORA, MiCA, NIST CSF, NYDFS, SEC cybersecurity rules
• Support regulatory submissions and liaise with UK authorities
• Partner with Compliance on emerging cyber regulations

• Conduct third-party cybersecurity risk assessments and due diligence
• Enforce contractual cybersecurity requirements with vendors
• Maintain third-party risk inventory and review processes

• Maintain IT and cyber policies compliant with industry standards
• Lead cybersecurity awareness and incident response initiatives

What We’re Looking For

• Minimum 10 years’ experience in IT risk, cybersecurity governance, or technology audit in financial services or crypto/digital assets
• Strong knowledge of UK, EU, and US cybersecurity regulations, including MiCA, DORA, GDPR, FCA rules
• Proven success in risk assessments and compliance audits
• Experience with IT GRC tools (e.g., Archer, ServiceNow, OneTrust)
• Excellent analytical, communication, and stakeholder management skills

Bonus Points

• Certifications such as CISA, CISSP, CRISC, or CISM
• Experience in regulated crypto exchanges or fintech
• Knowledge of blockchain, DeFi, custody models, and wallet technologies

What We Offer

• Competitive salary and discretionary bonus
• Health and protective benefits for employees and dependents
• Virtual coaching and counseling
• Opportunities to learn about the crypto industry
• Collaborative and innovative colleagues
• Employee Resource Groups
• Benefits vary by location

Galaxy is committed to diversity and equal opportunity employment. We provide accommodations for applicants with disabilities upon request. Contact careers@galaxy.com for assistance.