Salary
💰 $167,280 - $196,800 per year
About the role
- Analyze multiple variables, including but not limited to threat intelligence and risks, to inform threat models/risk scoring methodologies.
- Enable teams and leadership to make risk-based decisions by clearly communicating quantitative and qualitative tradeoffs.
- Intake, triage, analyze, and calculate (inherent/residual) risk in collaboration with subject matter experts and risk owners.
- Facilitate agreement on and documentation of risk treatment decisions; pressure-test treatment decisions and validate execution of mitigation plans across stakeholders as required.
- Report on findings and metrics, and recommend mitigations to business leadership, including in ad hoc and scheduled meetings with leadership and business risk owners.
- Maintain the source-of-truth risk register: quality control of data, tooling support, and implementation of automation/process improvements.
- Support development, execution, and maintenance of communication and training plans to roll out the technology risk program across the organization.
- Work with Enterprise Risk Management to escalate risks through the enterprise risk register and report relevant metrics to senior leadership.
- Collaborate with stakeholders to scale the program’s risk framework across Coinbase entities, products, and geographies/markets.
- Support data compilation to respond to US and international audit/regulator inquiries.
- Maintain awareness of international regulation, emerging threats, forecasts, policies, and benchmarks.
- Execute technical risk assessments across our production and corporate environments.
Requirements
- 5+ years of experience working in a 1 or 2 LoD risk management function and/or Governance, Risk, and Compliance organization.
- Familiarity with standards and frameworks (e.g. ISO 27001/5, NIST CSF, COBIT, ITIL, DORA, FAIR risk quant methodology) to measure controls/risks, monitor controls/risks, and validate/track/evidence remediation.
- Ability to dig into technical risk solutions and to work on technical quantitative risk assessments across information technology domains such as asset management, resilience, systems development lifecycle, and infrastructure.
- Comfortable working with project management tooling (e.g. Jira, Archer) and quantitative and qualitative data analytics tooling.
- Clear/concise communicator and writer; experience drafting/operationalizing project plans across stakeholders, holding teams accountable, and documenting deliverables to varying levels of junior and senior stakeholder audiences.
- Working knowledge of major regulatory/legal frameworks (US/international) driving requirements across technology organizations.
- Ability to manage a queue against strategic priorities, with demonstrated expertise in handling multiple assessments at a time.
- Willingness to learn and apply processes unique to the challenges at Coinbase.
- Excellent organization and project management skills in a fast-moving and demanding environment.