Senior Manager, Technology Risk

Details

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, Coinbase is seeking a Senior Manager for the expanding Technology Risk function. You will serve as a member of the Coinbase Technology Risk & Controls team and support the implementation and maturity of the technology and security risk management program. The role requires partnering with engineering and technical teams to define, quantify, manage, and communicate risks and to use outcomes to inform business decisions.

Responsibilities

• Enable risk-informed business outcomes by clearly communicating quantitative and qualitative tradeoffs to teams and leadership.
• Serve as a technical partner and sounding board: challenge engineering assumptions on risk quantification, mitigation plans, and key risk indicators.
• Build, grow, and coach a team of technology and security risk analysts; provide performance feedback and foster a culture of agility and innovation.
• Manage risks throughout the risk lifecycle: intake, triage, analyze, and calculate inherent and residual risk with subject matter experts and risk owners.
• Facilitate agreement and documentation of risk treatment decisions; pressure test treatment decisions and validate execution of mitigation plans.
• Maintain a source-of-truth risk register: quality control data, support tooling, and implement automation/process improvements.
• Iterate on program elements: analyze variables to inform improvements to threat models and risk scoring methodologies.
• Report on risk posture via synchronous and asynchronous reporting, dashboards, and meetings with leadership and business risk owners.
• Develop and maintain communications and training plans, team runbooks, intra-web pages, and risk register metrics dashboards.
• Align with Enterprise Risk Management to escalate risks through the enterprise risk register and report relevant metrics to senior leadership.
• Collaborate globally to scale the program across Coinbase entities, products, and geographies; work with GRC, Legal, and Compliance for assessments and reporting to meet regulatory requirements.
• Support audit and regulatory inspections by compiling data for US and international audit/regulator inquiries.
• Maintain awareness of international regulation, emerging threats, forecasts, policies, and benchmarks.

Requirements

• 10+ years of experience working in a 1st or 2nd Line of Defense risk management function and/or Governance, Risk, and Compliance (GRC) organization.
• Experience working across both 1st and 2nd Line of Defense in highly technical domains or technical roles.
• Demonstrable outcomes partnering with highly technical teams (e.g., engineering organizations).
• Demonstrable examples of leveraging risk to enable the business rather than purely meeting regulatory or compliance requirements.
• Technology risk domain knowledge: ability to dig into technical risk solutions and perform technical quantitative risk assessments across IT domains such as asset management, resilience, systems development lifecycle, and infrastructure.
• Familiarity with standards and frameworks such as ISO 27001/27005, NIST CSF, COBIT, ITIL, DORA, and the FAIR risk quantification methodology.
• Strong written and verbal communication skills; ability to translate controls and risk standards into functional requirements for technical stakeholders at various levels.
• Comfortable with project management tooling (e.g., Jira, Archer) and strong organization/project management skills.
• Demonstrable experience managing and mentoring analysts; ability to grow and mature team capabilities.
• Ability to manage multiple assessments concurrently and operate effectively in ambiguous, complex environments.
• Drive for continuous learning and a willingness to embrace a steep learning curve.

Nice to Haves

• Experience supporting risk management in Technology or FinTech industries.
• Coding knowledge a plus (e.g., building data joins, integrations with GRC and data visualization tools).
• Working knowledge of major regulatory/legal frameworks (US/international) affecting technology organizations.
• Strong knowledge of risk/control issues related to evolving technology (e.g., crypto, mobile, cloud, data lakes, machine learning).
• Certifications such as CRISC, CISA, CISSP, CISM, or FAIR are a plus.
• Demonstrated beginner/intermediate knowledge of crypto, blockchain, or web3.

Pay Transparency

Depending on your work location, the target annual salary for this position can range as detailed below. Full time offers from Coinbase also include bonus eligibility, equity eligibility, and benefits (medical, dental, vision, and 401(k)).

Pay Range:

$230,265—$270,900 USD

Benefits

• Medical, Dental, and Vision plans
• Health Savings Account with company contributions
• Disability and Life Insurance
• 401(k) with company match
• Wellness stipend, mobile/internet reimbursement, connections stipend
• Volunteer Time Off, Fertility Counseling and Benefits
• Generous time off/leave policy
• Option to receive pay in digital currency

Additional Notes

• While many Coinbase roles are remote-first, they are not remote-only; in-person participation is required throughout the year for team and company-wide offsites. Attendance is expected and supported.
• Coinbase is an Equal Opportunity Employer and provides reasonable accommodations to individuals with disabilities. Applicants are subject to regional data privacy and employment rules as described in the job posting.