Lead, Security Risk at Coinbase
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase is looking for an agile, creative, and analytical Security Risk Management Lead. You are a systems thinker who will serve as a senior member of the security risk management program, enabling all security and privacy teams to define, measure, manage and drive decision making about security risks. This person will serve as the subject matter expert in security risk management standards and frameworks, and will make these applicable and usable for fast-moving technical teams located across time zones. You are a self-starter who can project manage and meet deliverable deadlines. You are comfortable wrapping your arms around risk management challenges on your own and while working within teams.
What you’ll be doing (i.e., job duties):
- Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms
- Develop communication plans to roll out the security risk program across the security organization, and provide ongoing education and support to teams
- Maintain the security risk register, supporting tooling and automation
- Ensure monitoring is in place for all risk treatment activities with communications in place with risk owners.
- Enable teams and leadership to make risk-based decisions and trade-offs impacting security investment strategies and project prioritization
- Report on findings and recommend mitigations to senior management
- Align the program with the Enterprise Risk Management Framework and ensure risks are escalated to the appropriate audience
- Collaborate with regional stakeholders, including international risk management partners, to build a risk management program that is embedded across multiple Coinbase entities, products, and global locations
- Operationalise a Security Risk Management Framework ensuring all security risk related activities are managed accordingly.
- Keep up with relevant international regulation, emerging threats, forecasts, policies and benchmarks, and integrate emerging requirements into security risk management methodologies and/or practices
- Partner with security stakeholders to integrate security and privacy risk reporting with the security maturity model
What we look for in you (i.e., job requirements):
- Minimum of 8 years of relevant experience in information security risk management and/or a related domain
- Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
- Knowledge of and experience with security and security risk standards and frameworks, especially ISO 27005 and the NIST Risk Management Framework, FAIR risk quantification methodology, etc.
- Expertise in all phases of the risk management lifecycle and execution of these phases within a security risk management program.
- Expert at coordinating highly technical and non-technical teams
- Self-motivated, with a demonstrated sense of urgency in high-intensity environments
- Problem-solve by designing, improving, and scaling procedures
- Shift nimbly between ops, project management, and strategy to drive the program’s success
Nice to haves:
- Fintech, tech, financial services or consulting work history
- Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
- Knowledge of global regulatory requirements, including cybersecurity, data privacy, and global trade compliance
- Information security risk management qualifications like CRISC, CISM, etc.
- Knowledge of a cloud-services environment
- Data visualization
- Expertise in automation and building scalable solutions
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] coinbase.com and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here). Please contact [email protected] coinbase.com for additional information or to request accommodations.
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here: Ireland/EU, United Kingdom, and California. By submitting your application, you are agreeing to our use and processing of your data as required.