Director, Technology Risk

About the job

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems.

Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.

Coinbase is looking for a creative and analytical Director of Technology Risk. You will serve as a member of the Coinbase Technology Risk leadership team and oversee our technology and security risk management program. Your risk team will define, quantify, manage, and communicate risks, and use outcomes to inform business decisions. You will serve as the subject matter expert in technology risk management operations, and will make these applicable and usable for fast-moving technical teams located across global time zones.

What You’ll Be Doing (i.e. Job Duties)

 

  • Lead and oversee the second line technology and security risk team, framing and driving the vision for a Technology Risk Management framework across the three lines of defense.
  • Lead company-wide technology and security risk initiatives. Collaborate with technology and security leadership to design and implement efficient methods for identifying, surfacing, and reporting risks across the business.
  • Build, grow, and coach a team of technology and security risk analysts; foster a culture of agility and innovation, and provide ongoing performance feedback.
  • Oversee the implementation of risk policies, standards, and technologies to establish scalable processes that grow with the business.
  • Facilitate periodic second line technology and security risk assessments across production and corporate environments, enabling teams to describe risks in both qualitative and quantitative terms.
  • Ensure monitoring is in place for all risk treatment activities, maintaining clear communication with risk owners.
  • Collaborate with global stakeholders, including international risk management partners, to build a security risk management program that supports multiple entities, products, and global locations.
  • Keep up with international regulations, emerging threats, forecasts, policies, and benchmarks, integrating these into technology and security risk management methodologies and practices.
  • Partner with Enterprise Risk Management (ERM) and Operational Risk programs to provide effective and consistent second line oversight.
  • Develop communication plans to roll out the security risk program across the organization and provide ongoing education and support to teams.

What We Look For In You (ie. Job Requirements)

 

  • Minimum of 12 years of relevant experience in technology riskinformation security risk, IT audit, and/or a related domain, with 8+ years of management experience
  • Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
  • Proven ability to embed risk management practices within operations.
  • Knowledge of and experience with security and security risk standards and frameworks, such as the NIST Cybersecurity Framework, NIST RMF, COBIT, ISO 27005, DORA, FAIR risk quantification methodology, etc.
  • Expertise in all phases of the risk management lifecycle and execution of these phases within a technology or security risk management program
  • Self-motivated and demonstrate a sense of urgency in high-intensity environments
  • Shift nimbly between strategy and operations to drive the program’s success
  • Ability to communicate with technical and non-technical stakeholders including senior management in order to drive alignment
  • Enjoy solving hard problems and can turn incomplete, conflicting, or ambiguous inputs into action plans. Experience deconflicting roles and responsibilities and driving clarity.
  • Ability to leverage data to inform critical decisions and make recommendations
  • Able to manage multiple stakeholders and priorities simultaneously
  • Experience interacting with regulators
  • Knowledge of a cloud-services environment
  • Expertise in automation and building scalable solutions

Nice To Haves

 

  • Fintech, tech, or financial services experience
  • Advanced knowledge of cloud computing, Google apps, JIRA, Confluence
  • Master’s degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
  • Quantitative modeling and data visualization
  • Prior crypto experience and a demonstrated interest in cryptocurrencies and blockchain technologies
  • Information security risk management qualifications like CRISC, CISM, CISA, etc.

Job #: P62059

Pay Transparency Notice: Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include target bonus + target equity + benefits (including medical, dental, vision and 401(k)).

Pay Range

$267,325—$314,500 USD

Commitment to Equal Opportunity

Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Know Your Rights notice here. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.

Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here.

More Information

Apply for this job
Share this job

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X