Director, Technology Risk

Details

Coinbase is looking for a creative and analytical Director of Technology Risk to join the Technology Risk leadership team and oversee the technology and security risk management program. The role will define, quantify, manage, and communicate risks to inform business decisions and make risk management operations applicable and usable for fast-moving technical teams across global time zones. The company is remote-first but not remote-only; in-person participation is required throughout the year for team and company-wide offsites.

Responsibilities

• Lead and oversee the second-line technology and security risk team; define and drive the vision for a Technology Risk Management framework across the three lines of defense.
• Lead company-wide technology and security risk initiatives; collaborate with technology and security leadership to design and implement methods for identifying, surfacing, and reporting risks across the business.
• Build, grow, and coach a team of technology and security risk analysts; foster a culture of agility and innovation; provide ongoing performance feedback.
• Oversee implementation of risk policies, standards, and technologies to establish scalable processes that grow with the business.
• Facilitate periodic second-line technology and security risk assessments across production and corporate environments; enable teams to describe risks in both qualitative and quantitative terms.
• Ensure monitoring is in place for all risk treatment activities and maintain clear communication with risk owners.
• Collaborate with global stakeholders and international risk management partners to build a security risk management program that supports multiple entities, products, and global locations.
• Keep up with international regulations, emerging threats, forecasts, policies, and benchmarks, and integrate these into risk management methodologies and practices.
• Partner with Enterprise Risk Management (ERM) and Operational Risk programs to provide consistent second-line oversight.
• Develop communication plans to roll out the security risk program across the organization and provide ongoing education and support to teams.

Requirements

• 12+ years of relevant experience in technology risk, information security risk, IT audit, and/or a related domain, with 8+ years of management experience.
• Strong written and verbal communication skills; experience drafting project plans across multiple stakeholders, holding teams accountable, and producing final reports.
• Proven ability to embed risk management practices within operations.
• Knowledge of and experience with security and security risk standards and frameworks, such as the NIST Cybersecurity Framework, NIST RMF, COBIT, ISO 27005, DORA, and FAIR risk quantification methodology.
• Expertise in all phases of the risk management lifecycle and execution within a technology or security risk management program.
• Self-motivated, able to demonstrate a sense of urgency in high-intensity environments.
• Ability to shift between strategy and operations to drive program success.
• Ability to communicate with technical and non-technical stakeholders including senior management to drive alignment.
• Ability to turn incomplete, conflicting, or ambiguous inputs into action plans and drive clarity across roles and responsibilities.
• Ability to leverage data to inform decisions and make recommendations; manage multiple stakeholders and priorities simultaneously.
• Experience interacting with regulators.
• Knowledge of a cloud-services environment.
• Expertise in automation and building scalable solutions.

Nice to haves

• Fintech, tech, or financial services experience.
• Advanced knowledge of cloud computing, Google apps, JIRA, Confluence.
• Master's degree or equivalent combination of education and experience.
• Quantitative modeling and data visualization experience.
• Prior crypto experience and demonstrated interest in cryptocurrencies and blockchain technologies.
• Information security risk management qualifications like CRISC, CISM, CISA.

Compensation

• Pay Range: $267,325 — $314,500 USD (target annual salary; full-time offers also include target bonus, target equity, and benefits).

Benefits & Other Details

• Benefits include medical, dental, vision, HSA contributions, disability and life insurance, 401(k) with company match, wellness stipend, mobile/internet reimbursement, connections stipend, volunteer time off, fertility counseling and benefits, generous time off/leave policy, and the option to get paid in digital currency.
• Job #: P62059
• #LI-Remote
• Coinbase is an equal opportunity employer and provides reasonable accommodations for applicants with disabilities.