Senior Analyst, Technology and Security Risk
Coinbase
Job Description
About Us
At Coinbase, our mission is to increase economic freedom in the world. We're building the emerging onchain platform and with it, the future global financial system. Our work culture is intense and demanding—we seek individuals who are passionate about our mission and believe in the power of crypto and blockchain technology to update the financial system. We want people who relish the pressure of working with high caliber colleagues, actively seek feedback to keep leveling up, and run towards solving the company's hardest problems.
While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.
The Role
Coinbase is looking for a creative and analytical Senior Analyst of Technology and Security Risk. You will serve as a member of the Coinbase Technology Risk & Controls team and support the implementation and maturity of our technology and security risk management program. Your risk team will define, quantify, manage, and communicate risks, and use outcomes to inform business decisions. You will serve as the subject matter expert in technology and security risk management operations, and will make these applicable and usable for fast-moving technical teams located across global time zones.
Responsibilities
- Analysis of multiple variables, including but not limited to threat intelligence and risks, to inform threat models and risk scoring methodologies.
- Enable risk informed business outcomes: Enable teams and leadership to make risk-based decisions by clearly communicating quantitative and qualitative tradeoffs.
- Manage risks throughout the risk lifecycle: Intake, triage, analyze, and calculate inherent and residual risk in collaboration with subject matter experts and risk owners. Facilitate agreement and documentation of risk treatment decisions; pressure test treatment decisions and validate execution of mitigation plans across stakeholders as required. Participate in continuous monitoring of risk treatment.
- Reporting on risk posture: Support synchronous and asynchronous reporting on findings, metrics, and recommend mitigations to business leadership. This includes ad hoc and scheduled meetings with leadership and business risk owners.
- Maintain source of truth risk register: Quality control of data, tooling support, and implementing automation and process improvements to establish a baseline and iteratively improve risk management data and tooling.
- Communications and training: Support the development, execution, and maintenance of communication and training plans to roll out the technology and security risk program across the organization. Maintain team runbooks, team intra-web pages, and risk register metrics dashboards.
- Enterprise risk alignment: Work in lockstep with Enterprise Risk Management to escalate risks through the enterprise risk register and report relevant metrics to senior leadership as determined necessary.
- Global Engagement: Collaborate with stakeholders to help scale the program's risk framework across Coinbase entities, products, geographies, and markets. Regularly collaborate with GRC teams, Legal, and Compliance on risks, assessments, and reporting to meet regulatory requirements.
- Support audit and regulatory inspections: Support data compilation to respond to US and international audit and regulator inquiries.
- Maintain an industry pulse: Maintain awareness of international regulation, emerging threats, forecasts, policies, and benchmarks.
- Execute risk assessments: Execute technology and security risk assessments across production and corporate environments, enabling the team to communicate risk in both qualitative and quantitative terms.
Requirements
- 5+ years of experience working in a first- or second-line-of-defense (1 or 2 LoD) risk management function and/or a Governance, Risk, and Compliance organization.
- Risk domain knowledge and best practices: Familiarity with standards and frameworks such as ISO 27001/5, NIST CSF, COBIT, ITIL, DORA, and FAIR risk quantification methodology to measure controls and risks, monitor controls and risks, and validate, track, and evidence remediation.
- Technology and/or security risk domain knowledge: Ability to dig into technology and security risk solutions and to work on quantitative risk assessments across information technology and security domains such as vulnerability management, resilience, systems development lifecycle, and infrastructure.
- Comfortable working with project management tooling such as Jira and Archer, and quantitative and qualitative data analytics tooling.
- Clear and concise communicator and writer; experience drafting and operationalizing project plans across stakeholders, holding teams accountable, and documenting deliverables to varying levels of junior and senior stakeholder audiences. Ability to translate controls and risk standards out of compliance speak and into functional requirements and across varying levels of technical stakeholders.
- Regulatory familiarity: Working knowledge of major regulatory and legal frameworks (US and international) driving requirements across technology organizations.
- Navigating ambiguity and complexity: Ability to manage a queue against strategic priorities and expertise in handling multiple assessments at a time. You are comfortable operating on an unpaved road and dealing with ambiguity.
- Drive for continuous learning: You are willing to learn and apply processes unique to the challenges at Coinbase. You have a willingness to embrace a steep learning curve and stretch opportunities to learn new skills.
- Excellent organization and project management skills in a fast-moving and demanding environment.
Nice to Have
- FinTech, TradFi, consulting, business operations, technical program management, or other customer-facing disciplines.
- Strong knowledge of risk and control issues in relation to evolving technology such as crypto, mobile, cloud, data lakes, and machine learning.
- Certification is a plus but not a requirement: information security risk management qualifications like CRISC, CISA, CISSP, CISM, and FAIR.
- Coding knowledge is a plus but not a requirement (e.g., building data joins and integrations with GRC and data visualization tools).
- Demonstrated beginner to intermediate knowledge of crypto, blockchain, or web3.
Compensation
Depending on your work location, the target annual base salary for this position can range from $167,280 to $196,800 USD. Total compensation may also include equity and bonus eligibility and benefits including medical, dental, vision, and 401(k).