Coinbase is looking for a creative and analytical Director of Technology Risk. You will serve as a member of the Coinbase Technology Risk leadership team and oversee our technology and security risk management program. Your risk team will define, quantify, manage, and communicate risks, and use outcomes to inform business decisions. You will serve as the subject matter expert in technology risk management operations, and will make these applicable and usable for fast-moving technical teams located across global time zones. 

What you’ll be doing (i.e. job duties)

• Lead and oversee the second line technology and security risk team, framing and driving the vision for a Technology Risk Management framework across the three lines of defense.
• Lead company-wide technology and security risk initiatives. Collaborate with technology and security leadership to design and implement efficient methods for identifying, surfacing, and reporting risks across the business.
• Build, grow, and coach a team of technology and security risk analysts; foster a culture of agility and innovation, and provide ongoing performance feedback.
• Oversee the implementation of risk policies, standards, and technologies to establish scalable processes that grow with the business.
• Facilitate periodic second line technology and security risk assessments across production and corporate environments, enabling teams to describe risks in both qualitative and quantitative terms.
• Ensure monitoring is in place for all risk treatment activities, maintaining clear communication with risk owners.
• Collaborate with global stakeholders, including international risk management partners, to build a security risk management program that supports multiple entities, products, and global locations.
• Keep up with international regulations, emerging threats, forecasts, policies, and benchmarks, integrating these into technology and security risk management methodologies and practices.
• Partner with Enterprise Risk Management (ERM) and Operational Risk programs to provide effective and consistent second line oversight.
• Develop communication plans to roll out the security risk program across the organization and provide ongoing education and support to teams.

What we look for in you (ie. job requirements)

• Minimum of 12 years of relevant experience in technology risk, information security risk, IT audit, and/or a related domain, with 8+ years of management experience
• Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
• Proven ability to embed risk management practices within operations. 
• Knowledge of and experience with security and security risk standards and frameworks, such as the NIST Cybersecurity Framework, NIST RMF, COBIT, ISO 27005, DORA, FAIR risk quantification methodology, etc.
• Expertise in all phases of the risk management lifecycle and execution of these phases within a technology or security risk management program
• Self-motivated and demonstrate a sense of urgency in high-intensity environments
• Shift nimbly between strategy and operations to drive the program’s success 
• Ability to communicate with technical and non-technical stakeholders including senior management in order to drive alignment
• Enjoy solving hard problems and can turn incomplete, conflicting, or ambiguous inputs into action plans. Experience deconflicting roles and responsibilities and driving clarity. 
• Ability to leverage data to inform critical decisions and make recommendations
• Able to manage multiple stakeholders and priorities simultaneously
• Experience interacting with regulators
• Knowledge of a cloud-services environment
• Expertise in automation and building scalable solutions

Nice to haves:

• Fintech, tech, or financial services experience
• Advanced knowledge of cloud computing, Google apps, JIRA, Confluence
• Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
• Quantitative modeling and data visualization 
• Prior crypto experience and a demonstrated interest in cryptocurrencies and blockchain technologies 
• Information security risk management qualifications like CRISC, CISM, CISA, etc.

Job #: P62059