Senior Associate, Enterprise Risk Management and Controls
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy, and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we assess whether a candidate demonstrates our values: Clear Communication, Positive Energy, Efficient Execution, and Continuous Learning. Second, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Read more about our values and culture here.
Responsibilities:
ERM Framework
- Supports the Senior Management ERM team
- Responsible for identifying and tracking the maintenance requirements and documenting the continued evolution of the dynamic global enterprise risk management framework in accordance with the 3 year plan, BAU practices and initiatives.
- Undertake structured ERM Framework quality assurance to ensure standards are inline with the Chartered IIA ERM Maturity Model and report as required
- Design proposals for management consideration in respect to appropriate research, scheduling, design and execution of awareness, training and workshops as required
Additional ERM Role Responsibilities
- Ensure oversight and monitoring of design and operating effectiveness of Internal Controls and results as well as preparation of relevant executive and key stakeholder reporting
- Understand key processes, risks and controls that accurately assess implications for the company
- Assess potential business changes for impact and compliance objectives for Internal Controls as well as updating documentation including process flowcharts, risk and control matrix and evaluation controls as new systems are developed and/or process changes
- Coordinate work with external parties on internal controls framework for controls
- Assist with the education and facilitate workshops and training for risk and control owners
Strategic Objectives
- Support development of strategically aligned Objective Key Results (“KRIs”)
- Deliver and lead OKR achievements as required
Corporate Collaboration
1LoD
- Partner with the business globally (Country and SME Risk Community) to identify risks, key risk indicators/metrics and controls in their 1st Line of Defense (“1LoD”)areas of responsibility and once identified, ensure proactive ownership and management of residual risks against risk appetite
- Serve as an enterprise-wide advisor to the organization, educating the business and helping them design and/or remediate controls weaknesses, using GRC data analytics and monitoring to focus in on key areas
- Collaborate with global risk and control owners to ensure cohesive and comprehensive external interactions with banking partners, clients and regulators
- Collaborate with local teams to prepare and document responses and gather materials for licence applications, third party partners, and examination agendas globally; ensure accuracy of responses, leveraging prior communications or responses to ensure consistency
3LoD & 3rd Parties
- Collaborate with 3LoD internal and external audit assurance providers to ensure a global routine of testing and results reporting to serve as a measure for the design and operating effectiveness of controls and risk management
- Collaborate with Vendor Management team to establish third party risk and control effectiveness of external and/or third party control environments
Governance and Reporting
- Act as global co-custodian of all registered documents, by coordinating approval of executive-ready policies, as required by the Coinbase Global, Inc. Board of Directors and Enterprise Risk Management Working Group (ERMWG)
- Provide administrative support for ERMWG and draft report material as directed
Employee Engagement
- Enact and advocate the Coinbase Values and Culture
- Respond positively and progressively to Employee Engagement surveys
Top 10 Priority Deliverables
- Enterprise-wide risk register and risk owner profiles
- Integrated internal control framework
- 2LoD facilitation of assurance programs (testing regimes etc) e.g., CMP, IA, PCI, SOC 1&2, ICFR
- SOC 1/2 Facilitation and Report output
- ICFR Facilitation and Report output
- Senior management/Board risk and assurance reporting
- 2LoD Monitoring of policies, risks, controls, test results, issues
- ERM Data Analytics
- Reports and notification alerts
- Issues management capability
- Communication and awareness programs, e.g., workshops, training etc.
Essential Qualifications/Requirements:
- Degree in accounting/finance or related fields
- 4+ years of financial services or technology experience in Professional Services (Audit/Advisory), Risk Management, Finance, Accounting, Compliance or related functions
- Experience with ICFR/SOC
- Exceptional analytical skills
- Excellent written and verbal communication skills
- Ability to travel regionally, at times internationally
Preferred Qualifications/Requirements:
- Experience working in a fast paced organization
- Entrepreneurial attitude and experience with, or the ability to adapt to, a rapidly growing start-up with associated complexities and ambiguities
- Effective project management skills with the ability to oversee multiple projects at any one time
- Ability to work across functions and time zones
- Understanding of crypto, payments and/or financial services industry, and experience in assessing risk or auditing information systems and controls
- Experience utilizing the following tools: RSA Archer, JIRA, Confluence, GSuite, Lucidchart, Looker