Manager, Security Policy and Governance
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase is looking for an experienced Security Policy and Governance Manager to join the team. The Security Policy Manager will steer development, maintenance, and evolution of the security policy framework, and work with all security teams to implement and track exceptions to policies, standards, and plans over time. This role will also partner across Security to define and collect Security-wide KPIs and other key metrics, and advise teams on achieving their maturity targets over time.
What you’ll be doing (ie. job duties):
- Design, organize, and implement the policy framework for all Security policies, standards, procedures, and plans in partnership with Security teams (including information security and physical security) and Enterprise Risk Management
- Review and make recommendations for streamlining existing and future security policies
- Create a process and collateral for rolling out new security policies to the whole company
- Establish, document, and broadly communicate security policy norms to the Security organization, outlining how to create, update, and deprecate security policies in line with enterprise policy requirements
- Collaborate within Security GRC and regional partners to support audits and examinations, track policy implementation and issues, and incorporate global security compliance requirements into the Security policy framework
- Manage the Security Exception Process to enable Security teams to track exceptions, manage approvals, and improve automation
- Collaborate with US and other regional technology partners, including regional security managers, to streamline security and technology risk policy development and implementation across multiple Coinbase entities, products, and locations
- Assess security policies of Coinbase acquisitions, and appropriately integrate them into the Coinbase policy hierarchy
- Partner with Security and Privacy teams to develop key performance indicators for the Security organization
- Grow a small team of Policy Analysts over time to document effective policies for Coinbase, track policy implementation, and advise on governance models
What we look for in you (ie. job requirements):
- Minimum of 7+ years of relevant experience in information security policy, risk or compliance, including assessing security risks and controls for global organizations
- Experience with global security standards such as ISO 27001, NIST CSF, PCI DSS 3.2, or SOC 2
- Expert, communicator and writer; you can coach others on their writing skills, you can adapt your communication style for your audience, and you have experience drafting policies, reports, and other written materials for a variety of executive audiences
- Knowledge of global cybersecurity and data privacy regulatory requirements for financial services
- Experience reporting policy and compliance posture to senior stakeholders
- Ability to direct cross functional work and hold others accountable to committed deadlines
- Knowledge of a cloud-services environment
Nice to haves:
- Security certifications, e.g. CISA, CISM, CISSP, CRISC
- Experience working with GRC tools, e.g. RSA Archer, Metricstream
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here: Ireland/EU, United Kingdom, and California. By submitting your application, you are agreeing to our use and processing of your data as required.