Senior Security Compliance Analyst

About Coinbase

At Coinbase, our mission is to increase economic freedom in the world. We are building the emerging onchain platform and the future global financial system. We seek passionate individuals who believe in crypto and blockchain technology, are eager to leave their mark, thrive under pressure with high-caliber colleagues, actively seek feedback, and are driven to solve the company's hardest problems. Our intense work culture demands the best, offering an unparalleled environment for those dedicated to building the future.

Work Arrangement

While many roles at Coinbase are remote-first, in-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

The Role: Senior Security Compliance Analyst

Coinbase stores more digital currency than any company globally, making security a core mission and key competitive differentiator. We are scaling our security compliance program to protect data and assets, opening doors with customers, regulators, auditors, and external stakeholders. If you enjoy growing security compliance engines and driving positive change, we invite you to join our team. Coinbase is looking for a Senior Security Compliance Analyst to lead second-line IT SOX initiatives and mature the IT SOX program.

What you’ll be doing:

• Lead Security and IT initiatives to support the SOX roadmap and advance program maturity.
• Assist with SOX planning activities, including scoping of IT systems and creating training material for owners in preparation for SOX audit.
• Lead security control gap assessments over the SOX control environment, recommend remediation plans, and track through completion.
• Assess SOX implications of new products, update relevant controls, and communicate requirements to the product organization and other stakeholders.
• Provide ongoing reporting to stakeholders and leadership on responsibilities, communicating progress and escalating issues to management.
• Perform SOX audit and control impact analysis as a result of security and technology incidents, partnering with owning teams on control uplift activities.
• Build close relationships with stakeholder teams including Security, IT, Infrastructure, Engineering, Data, and Finance to advise on SOX requirements and ensure excellence in control ownership.
• Create and improve SOX procedural documentation, including process documentation, data flow diagrams, and uplifting templates.
• Work closely with internal and external auditors to educate them about a complex technology control environment.
• Oversee quality of audit initiatives, identify and analyze process gaps, and provide guidance and expertise to team members.
• Develop creative solutions to prove risk mitigation and solve for complex audit problems faced by the crypto industry.
• Identify opportunities to address systemic program challenges, recommend solutions, and drive efficiency through AI and automation.

What we look for in you:

• Minimum of 5+ years of security/IT compliance or equivalent experience.
• Strong knowledge and hands-on experience in Internal Controls over Financial Reporting, SOX 404 frameworks, and testing to support compliance.
• Prior experience at a big 4 accounting firm.
• Experience leading compliance initiatives from start to finish.
• Proven understanding and audit experience of cloud technologies, AWS preferred.
• Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision.
• Strong oral and written communication skills.
• Ability to multitask, direct cross functional work, and hold others accountable to committed deadlines in a fast paced environment.
• Ability to communicate with technical / non-technical stakeholders to align on shared outcomes.
• Experience in Financial services, Big Tech, or FinTech.

Nice to haves:

• BA or BS in a technical field or equivalent experience.
• Security certifications e.g. CISA, CISSP, CISM or other relevant certifications.
• Experience auditing in Crypto space.

Key skills/competency:

• SOX Compliance
• IT Audit
• Security Compliance
• Internal Controls
• Risk Mitigation
• Cloud Security (AWS)
• Cross-functional Collaboration
• Process Improvement
• Financial Reporting
• Regulatory Compliance