Used Tools & Technologies
Not specified
Required Skills & Competences
Security @ 3, Machine Learning @ 6, Leadership @ 3, Communication @ 3, Mentoring @ 3, Jira @ 3, FinTech @ 3, Project Management @ 3, Reporting @ 3, Audit @ 3, Compliance @ 3, Web3 @ 3
Details
At Coinbase, our mission is to increase economic freedom in the world. We are building an onchain platform and the future global financial system. Coinbase seeks a Manager for the Technology Risk function to join the Technology Risk & Controls team to support implementation and maturity of technology and security risk management across global technical teams. This role is remote-first but not remote-only – in-person participation is required throughout the year for team and company offsites.
Responsibilities
- Enable risk-informed business outcomes by communicating quantitative and qualitative tradeoffs to teams and leadership.
- Manage risks throughout the risk lifecycle: intake, triage, analyze and calculate inherent and residual risk in collaboration with subject matter experts and risk owners.
- Facilitate agreement and documentation of risk treatment decisions; pressure test treatment decisions and validate execution of mitigation plans. Participate in continuous monitoring of risk treatments.
- Maintain a source-of-truth risk register: quality control of data, tooling support, and implement automation/process improvements to improve risk management data and tooling.
- Iterate on program elements by analyzing multiple variables to improve threat models and risk scoring methodologies.
- Report on risk posture: support synchronous and asynchronous reporting on findings, metrics, and recommended mitigations to business leadership, including ad hoc and scheduled meetings with leadership and business risk owners.
- Communications and training: develop, execute, and maintain communication and training plans to roll out the technology risk program across the organization. Maintain runbooks, intra-web pages, and risk register metrics dashboards.
- Build, grow, and coach a team of technology and security risk analysts; provide ongoing performance feedback and foster a culture of agility and innovation.
- Align with Enterprise Risk Management to escalate risks through the enterprise risk register and report relevant metrics to senior leadership as necessary.
- Collaborate globally to scale the program's risk framework across Coinbase entities, products, and geographies; work with GRC teams, Legal, and Compliance for risks, assessments, and reporting to meet regulatory requirements.
- Support audit and regulatory inspections by compiling data to respond to US and international audit/regulator inquiries.
- Maintain an industry pulse: stay aware of international regulation, emerging threats, forecasts, policies, and benchmarks.
Requirements
- 8+ years of experience working in a 1st or 2nd line of defense risk management function and/or Governance, Risk, and Compliance organization.
- Risk domain knowledge and best practices; familiarity with standards and frameworks such as ISO 27001/27005, NIST CSF, COBIT, ITIL, DORA, and FAIR risk quantification methodology.
- Technology risk domain knowledge and ability to perform technical quantitative risk assessments across domains such as asset management, resilience, systems development lifecycle, and infrastructure.
- Comfortable working with project management and GRC tooling (examples: Jira, Archer) and quantitative and qualitative data analytics tooling.
- Clear and concise communicator and writer; experience drafting and operationalizing project plans across stakeholders, holding teams accountable, and documenting deliverables for varied audiences.
- Demonstrable experience managing and mentoring analysts to grow and mature their capabilities and careers.
- Working knowledge of major regulatory and legal frameworks (US and international) driving requirements across technology organizations.
- Ability to navigate ambiguity and manage multiple assessments and priorities in a fast-moving environment.
- Strong organization and project management skills.
- Willingness to learn, embrace a steep learning curve, and apply processes unique to Coinbase.
Nice to haves
- Experience in FinTech, TradFi, consulting, technical program management, or other customer-facing disciplines.
- Strong knowledge of risk/control issues in relation to evolving technology (examples called out: crypto, mobile, cloud, data lakes, machine learning).
- Relevant certifications are a plus (CRISC, CISA, CISSP, CISM, FAIR).
- Coding knowledge is a plus (e.g., building data joins, integrations with GRC and data visualization tools).
- Demonstrated beginner/intermediate knowledge of crypto/blockchain/web3.
Benefits & Additional Info
- Full-time offers include bonus eligibility, equity eligibility, and benefits (medical, dental, vision, and 401(k)).
- Benefits include Health Savings Account with company contributions, disability and life insurance, wellness stipend, mobile/internet reimbursement, connections stipend, volunteer time off, fertility counseling and benefits, generous time off/leave policy, and the option of getting paid in digital currency.
- Pay Range (target annual salary): $193,970–$228,200 USD. Pay varies by work location.
Other notes
- This role requires collaboration across global time zones and in-person participation at offsites multiple times per year. The role supports audit and regulatory responses for US and international inquiries.