Manager, Security Risk
We’re Coinbase. We’re the world’s most trusted way to join the crypto revolution, serving more than 89 million accounts in more than 100 countries.
Our mission is to increase economic freedom around the world, and we couldn’t do this without hiring the best people. We’re a group of hard-working overachievers who are deeply focused on building the future of finance and Web 3.0 for our users across the globe, whether they’re trading, storing, staking or using crypto. Know those people who always lead the group project? That’s us.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for candidates who will thrive in a culture like ours, where we default to trust, embrace feedback, and disrupt ourselves. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people who are excited to learn about and live crypto, because those are the folks who enjoy the intense moments in our sprint and recharge work culture. We’re a remote-first company looking to hire the absolute best talent all over the world.
Ready to #LiveCrypto? Who you are:
- You’ve got positive energy. You’re optimistic about the future and determined to get there.
- You’re never tired of learning. You want to be a pro in bleeding edge tech like DeFi, NFTs, DAOs, and Web 3.0.
- You appreciate direct communication. You’re both an active communicator and an eager listener - because let’s face it, you can’t have one without the other. You’re cool with candid feedback and see every setback as an opportunity to grow.
- You can pivot on the fly. Crypto is constantly evolving, so our priorities do, too. What you worked on last month may not be what you work on today, and that excites you. You’re not looking for a boring job.
- You have a “can do” attitude. Our teams create high-quality work on quick timelines. Owning a problem doesn’t scare you, but rather empowers you to take 100% responsibility for achieving our mission.
- You want to be part of a winning team. We’re stronger together, and you’re a person who embraces being pushed out of your comfort zone.
Coinbase is looking for an agile, creative, and analytical Security Risk Manager. You are a systems thinker who will serve as a senior member of the security risk management program, enabling all security and privacy teams to define, measure, manage and drive decision making about security risks. This person will serve as the subject matter expert in security risk management standards and frameworks, and will make these applicable and usable for fast-moving technical teams located across time zones. You are a self-starter who can project manage and meet deliverable deadlines. You are comfortable wrapping your arms around risk management challenges on your own and while working within teams.
What you’ll be doing (ie. job duties):
- Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms
- Develop communication plans to roll out the security risk program across the security organization, and provide ongoing education and support to teams
- Maintain the security risk register, supporting tooling and automation
- Ensure monitoring is in place for all risk treatment activities with communications in place with risk owners.
- Enable teams and leadership to make risk-based decisions and trade-offs impacting security investment strategies and project prioritization
- Report on findings and recommend mitigations to senior management
- Program alignment with Enterprise Risk Management Framework and ensure to escalate risks to the appropriate audience
- Collaborate with regional stakeholders, including international risk management partners, to build a risk management program that is embedded across multiple Coinbase entities, products, and global locations
- Operationalize a Security Risk Management Framework ensuring all security risk related activities are managed accordingly.
- Keep up with relevant international regulation, emerging threats, forecasts, policies and benchmarks, and integrate emerging requirements into security risk management methodologies and/or practices
- Partner with security stakeholders to integrate security and privacy risk reporting with the security maturity model
What we look for in you (ie. job requirements):
- Minimum of 8 years of relevant experience in information security risk management and/or a related domain
- Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
- Knowledge of and experience with security and security risk standards and frameworks, especially ISO 27005 and the NIST Risk Management Framework , FAIR risk quantification methodology, etc.
- Expertise in all phases of the risk management lifecycle and execution of these phases within a security risk management program.
- Expert at coordinating highly technical and non-technical teams
- Self-motivated and demonstrate a sense of urgency in high-intensity environments
- Problem-solve by designing, improving, and scaling procedures
- Shift nimbly between ops, project management, and strategy to drive the program’s success
Nice to haves:
- Fintech, tech, financial services or consulting work history
- Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
- Knowledge of global regulatory requirements, including cybersecurity, data privacy, and global trade compliance
- Information security risk management qualifications like CRISC,, CISM, etc.
- Knowledge of a cloud-services environment
- Data visualization
- Expertise in automation and building scalable solutions
P29607
Notice for Colorado applicants as required by sb19-085 (8-5-20). Target annual salary for this role performed in Colorado, is $188,275 + target bonus + target equity + benefits (including medical, dental, vision and 401(k)).
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to accommodations[at]coinbase.com and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required.