Senior Analyst, Technology Risk

About Coinbase

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system. To achieve our mission, we’re seeking a very specific candidate: someone passionate about our mission, who believes in the power of crypto and blockchain technology, and is eager to leave their mark. We look for individuals who relish the pressure and privilege of working with high-caliber colleagues, actively seek feedback, and run towards solving the company’s hardest problems. While many roles at Coinbase are remote-first, in-person participation is required throughout the year for team and company-wide offsites to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

The Opportunity: Senior Analyst, Technology Risk

Coinbase is seeking a creative and analytical Senior Analyst, Technology Risk to join the Technology Risk & Controls team. In this pivotal role, you will support the implementation and maturity of our technology and security risk management program. Your team defines, quantifies, manages, and communicates risks, using outcomes to inform critical business decisions. You will serve as the subject matter expert in technology risk management operations, making them applicable and usable for fast-moving technical teams across global time zones.

What You’ll Be Doing

• Analyze multiple variables, including threat intelligence and risks, to inform threat models and risk scoring methodologies.
• Enable risk-informed business outcomes by clearly communicating quantitative and qualitative tradeoffs to teams and leadership.
• Manage risks throughout the risk lifecycle, including intake, triage, analysis, and calculation (inherent/residual) in collaboration with subject matter experts and risk owners.
• Facilitate agreement and documentation of risk treatment decisions, pressure testing them and validating execution of mitigation plans.
• Participate in continuous monitoring of risk treatment.
• Support synchronous and asynchronous reporting on findings, metrics, and recommended mitigations to business leadership.
• Maintain the source of truth risk register, ensuring quality control of data, tooling support, and implementing automation/process improvements.
• Support the development, execution, and maintenance of communication and training plans for the technology risk program.
• Maintain team runbooks, intra-web pages, and risk register metrics dashboards.
• Work in lockstep with Enterprise Risk Management to escalate risks and report relevant metrics to senior leadership.
• Collaborate with stakeholders to scale the program’s risk framework across Coinbase entities, products, and geographies.
• Regularly collaborate with GRC teams, Legal, and Compliance to meet regulatory requirements and support audit/regulatory inspections.
• Maintain awareness of international regulation, emerging threats, forecasts, policies, and benchmarks.
• Execute technical risk assessments across production and corporate environments, communicating risk in both qualitative and quantitative terms.

What We Look For In You

• 5+ years of experience in a 1st or 2nd Line of Defense risk management function and/or Governance, Risk, and Compliance (GRC).
• Strong risk domain knowledge and best practices, including familiarity with ISO 27001/5, NIST CSF, COBIT, ITIL, DORA, and FAIR risk quant methodology.
• Ability to delve into technical risk solutions and perform quantitative risk assessments across IT domains (asset management, resilience, SDLC, infrastructure).
• Comfortable using project management tooling (e.g., Jira, Archer) and quantitative/qualitative data analytics tools.
• Clear and concise communicator and writer, with experience drafting project plans and holding teams accountable.
• Ability to translate controls/risk standards into functional requirements for technical stakeholders.
• Working knowledge of major US/international regulatory/legal frameworks impacting technology organizations.
• Proven ability to navigate ambiguity and complexity, managing multiple assessments and operating in dynamic environments.
• Drive for continuous learning, willingness to embrace a steep learning curve, and pursue stretch opportunities.
• Excellent organization and project management skills in a fast-moving and demanding environment.

Nice To Haves

• Experience in FinTech, TradFi, consulting, business operations, or technical program management.
• Strong knowledge of risk/control issues related to evolving technology (e.g., crypto, mobile, cloud, data lakes, machine learning).
• Relevant certifications like CRISC, CISA, CISSP, CISM, and FAIR are a plus.
• Beginner/intermediate coding knowledge (e.g., data joins, GRC integrations, data visualization) is a plus.
• Demonstrated beginner/intermediate knowledge of crypto/blockchain/web3.

Key Skills/Competency

• Technology Risk Management
• Information Security
• GRC (Governance, Risk, Compliance)
• Risk Assessment
• NIST CSF
• ISO 27001
• FAIR Risk Quant Methodology
• Regulatory Compliance
• Project Management
• Blockchain/Crypto Knowledge