Senior Analyst, Security Risk

Coinbase is looking for an experienced Security Risk Management Senior Analyst to join the team. The security risk analyst will steer the security risk management program, enabling all security and privacy teams to manage and drive decision making about security risks. As the Security Risk Management Senior Analyst, you are the subject matter expert in security risk management standards and frameworks, and will make these applicable and usable for fast-moving technical teams.

What you’ll be doing (ie. job duties):

• Facilitate security and privacy risk assessments across our production and corporate environments, enabling security and privacy teams to describe risk in both qualitative and quantitative terms
• Develop communication plans to roll out the security risk program across the security organization, and provide ongoing education and support to teams
• Maintain the Security Risk Register, supporting tooling & automation 
• Facilitate agreement and execution of mitigation plans across numerous business stakeholders 
• Enable teams and leadership to risk-based decisions and trade-offs impacting security investment strategies and project prioritization
• Report on findings and recommend mitigations to senior management
• Align with Enterprise Risk Management to escalate risks to the appropriate audience
• Collaborate with regional stakeholders, including international risk management partners, to build a risk management program that is embedded across multiple Coinbase entities, products, and global locations
• Regularly collaborate with Legal and Compliance to understand and meet regulatory requirements
• Keep up with relevant international regulation, emerging threats, forecasts, policies and benchmarks, and integrate emerging requirements into security risk management methodologies and/or practices
• Partner with security stakeholders to integrate security and privacy risk reporting with the security maturity model

What we look for in you (ie. job requirements):

• Minimum of 5+ years of relevant experience in information security risk management and/or security compliance
• Solid communicator and writer; experience with drafting project plans across multiple stakeholders, holding teams accountable to their deliverables, and producing final reports
• Knowledge of and experience with security standards and frameworks, especially ISO27001/5
• Understanding of security and security risk management frameworks: NIST CSF, FAIR risk quantification methodology, etc

Nice to haves:

• Master's degree or equivalent combination of education and experience (ex. in a technical area, business administration, industrial engineering)
• Knowledge of global regulatory requirements, including cybersecurity, data privacy and global trade compliance
• Information security risk management qualifications like CISA, CISSP, CISM, etc
• Knowledge of a cloud-services environment
• Expertise in automation and building scalable solutions

Position ID:  P69478

#LI-Remote