Manager, Third Party Security
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security risk and compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to manage risk, build operations from the ground up, and create positive change across the business, we’d like to speak with you about joining our team.
Coinbase is looking for a Third Party Security Manager to drive and implement the security risk management roadmap for the vendor management lifecycle, including how we evaluate, escalate, and collaborate with other teams to monitor vendor risk.
What you’ll be doing (ie. job duties):
- Manage and mature third party security review program and collaborate with stakeholders to implement program improvements
- Coach and support your people on day to day operations, stakeholder management, and clear communication
- Work with the Vendor Management team to support continuous improvement of the entire vendor lifecycle
- Collaborate with Vendor Management, Legal and Security to update company security policies to reflect evolving global regulation and requirements
- Build relationships with a broad range of Coinbase employees at all levels to accomplish program objectives and further Coinbase Security goals
- Manage internal and external stakeholder relationships and collectively produce program updates, escalations, issue resolution, and metrics
- Develop and use data to help support continuous improvement, performance, and risk metrics
- Work closely with the business to identify, assess, and document third party relationships, including the regular review of vendors and critical outsourcing arrangements
- Work with cross-functional partners to devise an integrated strategy and deliverables for our third party risk roadmap
- Own the implementation of robust third party controls and monitor arrangements on an ongoing basis
What we look for in you (ie. job requirements):
- Outstanding written and spoken communication skills
- Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
- Experience of operational/technology risk management with a focus on third parties
- Strong understanding and audit experience of cloud technologies, AWS preferred
- Ability to multitask, prioritize work and meet deadlines in a fast paced environment
- Focus on precision and accuracy, and the drive to clarify ambiguity
- 5+ years of security/IT risk & compliance experience
- Solid domain knowledge of information security and cyber risk
- Experience of desk and site-based audits
Nice to haves:
- BA or BS in a technical discipline or equivalent experience
- Knowledge of third party industry frameworks, such as VASQ, SIG, and CSA
- Hands-on experience with security frameworks such as SOC 2, PCI-DSS, or ISO27001
- Security certifications e.g. CISA, CISSP, CISM or other relevant certifications
- Understanding of regulations governing outsourcing in banking and financial services
- Experience in cloud security
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here: Ireland/EU, United Kingdom, and California. By submitting your application, you are agreeing to our use and processing of your data as required.