Coinbase is looking for an agile, creative, and analytical Security Risk Management Lead. You are a systems thinker who will serve as a senior member of the security risk management program, enabling all security and privacy teams to define, measure, manage and drive decision making about security risks. This person will serve as the subject matter expert in security risk management standards and frameworks, and will make these applicable and usable for fast-moving technical teams located across time zones. You are a self-starter who can project manage and meet deliverable deadlines. You are comfortable wrapping your arms around risk management challenges on your own and while working within teams.

What you’ll be doing (ie. job duties):

• Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms
• Develop communication plans to roll out the security risk program across the security organization, and provide ongoing education and support to teams
• Maintain the security risk register, supporting tooling and automation 
• Ensure monitoring is in place for all risk treatment activities with communications in place with risk owners.  
• Enable teams and leadership to make risk-based decisions and trade-offs impacting security investment strategies and project prioritization
• Report on findings and recommend mitigations to senior management
• Program alignment with Enterprise Risk Management Framework and ensure to escalate risks to the appropriate audience
• Collaborate with regional stakeholders, including international risk management partners, to build a risk management program that is embedded across multiple Coinbase entities, products, and global locations
• Operationalise a Security Risk Management Framework ensuring all security risk related activities are managed accordingly. 
• Keep up with relevant international regulation, emerging threats, forecasts, policies and benchmarks, and integrate emerging requirements into security risk management methodologies and/or practices
• Partner with security stakeholders to integrate security and privacy risk reporting with the security maturity model

What we look for in you (ie. job requirements):

• Minimum of 8 years of relevant experience in information security risk management and/or a related domain
• Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
• Knowledge of and experience with security and security risk standards and frameworks, especially ISO 27005 and the NIST Risk Management Framework , FAIR risk quantification methodology, etc.
• Expertise in all phases of the risk management lifecycle and execution of these phases within a security risk management program.  
• Expert at coordinating highly technical and non-technical teams
• Self-motivated and demonstrate a sense of urgency in high-intensity environments
• Problem-solve by designing, improving, and scaling procedures 
• Shift nimbly between ops, project management, and strategy to drive the program’s success

Nice to haves:

• Fintech, tech, financial services or consulting work history
• Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
• Knowledge of global regulatory requirements, including cybersecurity, data privacy, and global trade compliance
• Information security risk management qualifications like CRISC,, CISM, etc.
• Knowledge of a cloud-services environment
• Data visualization 
• Expertise in automation and building scalable solutions

ID: P1371305