Business Information Security Officer

📍 World
USD 275,400-324,000 per year
SENIOR
✅ Hybrid

Used Tools & Technologies

Not specified

Required Skills & Competences

Security @ 4, Leadership @ 4, Communication @ 4, FinTech @ 4, Reporting @ 4, Due Diligence @ 4, Compliance @ 4

Details

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a candidate who is passionate about crypto and blockchain technology, eager to leave their mark, and comfortable working with high-caliber colleagues. Our work culture is intense: while many roles are remote-first, they are not remote-only and in-person participation is required throughout the year (team and company offsites multiple times annually).

Coinbase views security as one of our core product features. This role sits on the dedicated Security team supporting Institutional business lines and focuses on creating a secure user experience for customers. You will partner closely with product engineers, cryptography engineers, and other technical teams; a deep understanding of backend systems is a significant benefit.

Responsibilities

  • Lead and develop a comprehensive information security strategy and program as the primary security leader supporting the local entity CEO.
  • Design, implement, and manage threat modeling, penetration testing, secure cryptographic key management, and data separation initiatives.
  • Lead a small team of security specialists and grow the team with the business.
  • Architect and deploy technical security infrastructure and controls to protect critical business assets and satisfy regulatory compliance requirements.
  • Lead engineering build activities for custom security tools, monitoring systems, and automated security controls tailored to business needs.
  • Build and own all local security controls within the entity, ensuring full coverage of security functions.
  • Conduct security analysis of software code, applications, and systems to identify vulnerabilities and drive remediation.
  • Manage security operations and incident response procedures, including crisis communication and board-level reporting during incidents.
  • Lead M&A due diligence to assess security risks and threat surfaces of potential acquisition targets and define integration strategies for acquired companies.
  • Evaluate which security functions should be in-house versus outsourced to meet regulatory and business needs.
  • Develop and maintain security policies, risk management frameworks, and compliance documentation aligned with industry best practices.

Requirements

  • Proven hands-on security practitioner with deep specialization in at least one of: penetration testing, software engineering, security architecture, or secure product development.
  • Strong software engineering background; ability to read, analyze, and perform security assessments of complex codebases.
  • Demonstrated experience designing and implementing technical security infrastructure, controls, and architectures at scale.
  • Leadership experience building and managing security teams; ability to scale from individual contributor to manager.
  • Security operations and incident response expertise, including crisis management and communication during security events.
  • Executive-level communication skills; able to present security strategy and risk assessments to board members and C-suite.
  • Experience working in highly regulated industries with complex compliance requirements and regulatory frameworks.
  • Strong technical understanding of backend engineering architectures, cloud security, and modern application security principles.
  • Technical capability to evaluate when to insource or integrate security capabilities to address organizational needs.
  • Experience evaluating and determining which security functions require in-house capabilities versus outsourced solutions.

Nice to haves

  • Knowledge of cryptography, multi-party computation, and secure key management best practices.
  • Advanced penetration testing certifications (OSCP, OSCE, GPEN, or similar).
  • Hands-on engineering experience building custom security tools, automation platforms, and infrastructure-as-code implementations.
  • Background in financial services, fintech, or cryptocurrency/blockchain security.
  • Master’s degree in Information Security, Computer Science, Engineering, or related technical field.
  • Experience with security analytics platforms and threat hunting capabilities.
  • Previous BISO, CISO, or senior security leadership experience in high-growth technology companies.
  • Knowledge of regulatory frameworks specific to financial services and digital assets.
  • Product security experience integrating controls into SDLC and designing security features for product engineering teams.
  • Experience evaluating companies and merging security programs through acquisitions or partnerships.

Compensation

Pay Range: $275,400 — $324,000 USD (target annual salary; full-time offers also include target bonus, target equity, and benefits including medical, dental, vision, and 401(k)).

Work arrangement

Remote-first but not remote-only; in-person participation expected throughout the year for team and company offsites and other events.

Benefits

  • Medical, dental, and vision plans with generous employee contributions
  • Health Savings Account with company contributions
  • Disability and life insurance
  • 401(k) plan with company match
  • Wellness stipend
  • Mobile/internet reimbursement
  • Connections stipend
  • Volunteer time off
  • Fertility counseling and benefits
  • Generous time off/leave policy
  • Option to get paid in digital currency

Job #: P69492