Manager, Third Party Security


February 5, 2021

Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security risk and compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to manage risk, build operations from the ground up, and create positive change across the business, we’d like to speak with you about joining our team.
Coinbase is looking for a Third Party Security Manager to drive and implement the security risk management roadmap for the vendor management lifecycle, including how we evaluate, escalate, and collaborate with other teams to monitor vendor risk.
What you’ll be doing (ie. job duties):
  • Manage and mature third party security review program and collaborate with stakeholders to implement program improvements
  • Coach and support your people on day to day operations, stakeholder management, and clear communication
  • Work with the Vendor Management team to support continuous improvement of the entire vendor lifecycle
  • Collaborate with Vendor Management, Legal and Security to update company security policies to reflect evolving global regulation and requirements
  • Build relationships with a broad range of Coinbase employees at all levels to accomplish program objectives and further Coinbase Security goals
  • Manage internal and external stakeholder relationships and collectively produce program updates, escalations, issue resolution, and metrics
  • Develop and use data to help support continuous improvement, performance, and risk metrics
  • Work closely with the business to identify, assess, and document third party relationships, including the regular review of vendors and critical outsourcing arrangements
  • Work with cross-functional partners to devise an integrated strategy and deliverables for our third party risk roadmap
  • Own the implementation of robust third party controls and monitor arrangements on an ongoing basis

What we look for in you (ie. job requirements):
  • Outstanding written and spoken communication skills
  • Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with minimal supervision
  • Experience of operational/technology risk management with a focus on third parties
  • Strong understanding and audit experience of cloud technologies, AWS preferred
  • Ability to multitask, prioritize work and meet deadlines in a fast paced environment
  • Focus on precision and accuracy, and the drive to clarify ambiguity
  • 5+ years of security/IT risk & compliance experience
  • Solid domain knowledge of information security and cyber risk
  • Experience of desk and site-based audits

Nice to haves:
  • BA or BS in a technical discipline or equivalent experience
  • Knowledge of third party industry frameworks, such as VASQ, SIG, and CSA
  • Hands-on experience with security frameworks such as SOC 2, PCI-DSS, or ISO27001
  • Security certifications e.g. CISA, CISSP, CISM or other relevant certifications
  • Understanding of regulations governing outsourcing in banking and financial services
  • Experience in cloud security