Used Tools & Technologies
Not specified
Required Skills & Competences
Security @ 4, Machine Learning @ 7, Hiring @ 4, Leadership @ 4, Communication @ 4, Mentoring @ 4, Jira @ 4, FinTech @ 4, Project Management @ 4, Reporting @ 4, Audit @ 4, Compliance @ 4, Web3 @ 4
Details
At Coinbase, our mission is to increase economic freedom in the world. The Technology Risk team supports the implementation and maturity of Coinbase's technology and security risk management program. This role partners with fast-moving technical teams across global time zones to define, quantify, manage, and communicate risks and to use outcomes to inform business decisions. The team values high-caliber colleagues, an intense work culture, and in-person participation throughout the year for offsites and collaboration.
Responsibilities
- Enable risk-informed business outcomes by communicating quantitative and qualitative tradeoffs to teams and leadership.
- Manage risks throughout the risk lifecycle: intake, triage, analyze, and calculate inherent and residual risk in collaboration with subject matter experts and risk owners. Facilitate agreement and documentation of risk treatment decisions, pressure test treatment decisions, and validate execution of mitigation plans. Participate in continuous monitoring of risk treatment.
- Maintain a source-of-truth risk register: perform quality control of data, support tooling, and implement automation and process improvements to improve risk management data and tooling.
- Iterate on program elements by analyzing multiple variables to improve threat models and risk scoring methodologies.
- Report on risk posture: prepare synchronous and asynchronous reporting on findings and metrics and recommend mitigations to business leadership; participate in ad hoc and scheduled meetings with leadership and risk owners.
- Communications and training: develop, execute, and maintain communication and training plans to roll out the technology risk program. Maintain team runbooks, intra-web pages, and risk register metrics dashboards.
- Build, grow, and coach a team of technology and security risk analysts; provide ongoing performance feedback and foster a culture of agility and innovation.
- Align with Enterprise Risk Management to escalate risks through the enterprise risk register and report relevant metrics to senior leadership as needed.
- Global engagement: scale the program’s risk framework across Coinbase entities, products, and geographies; collaborate with GRC teams, Legal, and Compliance for risks, assessments, and reporting to meet regulatory requirements.
- Support audit and regulatory inspections by compiling data to respond to US and international audit/regulator inquiries.
- Maintain an industry pulse on international regulation, emerging threats, forecasts, policies, and benchmarks.
Requirements
- 8+ years of experience working in a 1st or 2nd Line of Defense risk management function and/or Governance, Risk, and Compliance (GRC) organization.
- Risk domain knowledge and best practices, with familiarity with standards and frameworks (examples cited: ISO 27001/27005, NIST CSF, COBIT, ITIL, DORA) and FAIR risk quantification methodology.
- Technology risk domain knowledge across IT domains such as asset management, resilience, systems development lifecycle, and infrastructure; ability to perform technical quantitative risk assessments.
- Comfortable working with project management tooling (examples: Jira, Archer) and quantitative and qualitative data analytics tooling.
- Strong written and verbal communication skills; ability to draft and operationalize project plans across stakeholders and translate controls/risk standards into functional requirements for technical audiences.
- Demonstrable experience managing and mentoring analysts to grow their capabilities and careers.
- Working knowledge of major regulatory and legal frameworks (US and international) that drive requirements across technology organizations.
- Ability to navigate ambiguity and manage multiple assessments against strategic priorities.
- Drive for continuous learning and willingness to embrace a steep learning curve.
- Excellent organization and project management skills in a fast-moving and demanding environment.
Nice to haves
- Background in FinTech, TradFi, consulting, business operations technical program management, or other customer-facing disciplines.
- Strong knowledge of risk/control issues in relation to evolving technology (crypto, mobile, cloud, data lakes, machine learning).
- Certifications such as CRISC, CISA, CISSP, CISM, and FAIR are a plus (not required).
- Coding knowledge is a plus (examples: building data joins, integrations with GRC and data visualization tools).
- Demonstrated beginner/intermediate knowledge of crypto/blockchain/web3.
Benefits & Pay
- Pay Range (target annual salary): $193,970 — $228,200 USD. Full-time offers also include target bonus, target equity, and benefits (medical, dental, vision, 401(k)).
- Benefits include medical/dental/vision plans, HSA contributions, disability and life insurance, 401(k) match, wellness stipend, mobile/internet reimbursement, connections stipend, volunteer time off, fertility counseling and benefits, generous time off/leave policy, and the option to get paid in digital currency.
Additional notes
- Position ID: P69486
- #LI-Remote — Coinbase is remote-first but not remote-only; in-person participation is required throughout the year for team and company-wide offsites and collaboration.
- Coinbase is an Equal Opportunity Employer and provides reasonable accommodations for disability during the hiring process.