Coinbase is hiring a

Senior Analyst, Security Risk

Remote

Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.

There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.

Coinbase is looking for an experienced Security Risk Management Senior Analyst to join the team. The security risk analyst will steer the security risk management program, enabling all security and privacy teams to manage and drive decision making about security risks. As the Security Risk Management Senior Analyst, you are the subject matter expert in security risk management standards and frameworks, and will make these applicable and usable for fast-moving technical teams.

What you’ll be doing (ie. job duties):

  • Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms
  • Develop communication plans to roll out the security risk program across the security organization, and provide ongoing education and support to teams
  • Maintain the Security Risk Register and supporting tooling & automation 
  • Facilitate agreement and execution of mitigation plans across numerous business stakeholders 
  • Enable teams and leadership to risk-based decisions and trade-offs impacting security investment strategies and project prioritization
  • Report on findings and recommend mitigations to senior management
  • Align with Enterprise Risk Management to escalate risks to the appropriate audience
  • Collaborate with regional stakeholders, including international risk management partners, to build a risk management program that is embedded across multiple Coinbase entities, products, and global locations
  • Regularly collaborate with Legal and Compliance to understand and meet regulatory requirements
  • Keep up with relevant international regulation, emerging threats, forecasts, policies and benchmarks, and integrate emerging requirements into security risk management methodologies and/or practices
  • Partner with security stakeholders to integrate security and privacy risk reporting with the security maturity model

What we look for in you (ie. job requirements):

  • Minimum of 5+ years of relevant experience in information security risk management and/or security compliance
  • Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
  • Knowledge of and experience with security standards and frameworks, especially ISO27001/5
  • Understanding of security and security risk management frameworks: NIST CSF, FAIR risk quantification methodology, etc

Nice to haves:

  • Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
  • Knowledge of global regulatory requirements, including cybersecurity, data privacy and global trade compliance
  • Information security risk management qualifications like CISA, CISSP, CISM, etc
  • Knowledge of a cloud-services environment
  • Expertise in automation and building scalable solutions