Business Information Security Officer

At Coinbase, we view security as one of our core product features. As part of this role, you would be joining the dedicated Security team supporting our Institutional business lines and helping to create a secure user experience for our customers. You will support operations for some of our core security processes, as well as partnering closely with our product partners and other core teams to help design product features that will maximize security without adding unnecessary friction. As part of this role, you’ll work closely with product engineers, cryptography engineers, and other technical teams, so a deep understanding of backend systems will be a significant benefit in this role. The Institutional business at Coinbase is evolving rapidly, making this a great opportunity to be a part of furthering Coinbase’s mission of being the Most Trusted crypto company.

What you'll be doing (ie. job duties):

• Lead and develop the comprehensive information security strategy and program as the foundational security leader supporting the local entity CEO
• Design, implement, and manage security threat modeling, penetration testing, secure cryptographic key management, and data separation initiatives
• Security leader of a small team of security specialists whose team will grow with the business
• Architect and deploy technical security infrastructure and controls to protect critical business assets and meet regulatory compliance requirements
• Lead engineering build activities for custom security tools, monitoring systems, and automated security controls tailored to business requirements
• Fully build and own all local security controls within the entity, ensuring comprehensive coverage of security functions from the ground up
• Conduct security analysis of software code, applications, and systems to identify vulnerabilities and implement remediation strategies
• Manage security operations and incident response procedures, including crisis communication and board-level reporting during security events
• Lead M&A due diligence activities to assess security risks and threat surfaces of potential acquisition targets
• Define and execute integration strategies for acquired companies, ensuring seamless security alignment and risk mitigation
• Evaluate and determine which security functions require in-house capabilities versus outsourced solutions to meet local regulatory and business needs
• Develop and maintain security policies, risk management frameworks, and compliance documentation aligned with industry best practices and regulatory requirements

What we look for in you (ie. job requirements):

• Proven expertise as a hands-on security practitioner with deep specialization in at least one of: penetration testing, software engineering, security architecture, or secure product development
• Strong software engineering background with ability to read, analyze, and perform security assessments of complex codebases
• Demonstrated experience designing and implementing technical security infrastructure, controls, and architectures at scale
• Leadership experience building and managing security teams, with ability to scale from individual contributor to management
• Security operations and incident response expertise, including crisis management and communication during security events
• Executive-level communication skills with ability to present security strategy and risk assessments to board members and C-suite executives
• Experience working in highly regulated industries with complex compliance requirements and regulatory frameworks
• Strong technical understanding of backend engineering architectures, cloud security, and modern application security principles
• Technical capability to evaluate when to insource or integrate security capabilities to strengthen and address organizational security needs
• Experience evaluating and determining which security functions require in-house capabilities versus outsourced solutions to meet regulatory and business needs

Nice to haves:

• Knowledge of cryptography, multi-party computation, and secure key management best practices
• Advanced penetration testing certifications such as OSCP, OSCE, GPEN, or similar hands-on security certifications
• Hands-on engineering experience building custom security tools, automation platforms, and infrastructure-as-code implementations
• Background in financial services, fintech, or cryptocurrency/blockchain security
• Master's degree in Information Security, Computer Science, Engineering, or related technical field
• Experience with security analytics platforms and threat hunting capabilities for data-driven security decision making
• Previous BISO, CISO, or senior security leadership experience in high-growth technology companies
• Knowledge of regulatory frameworks specific to financial services and digital assets
• Product security experience integrating security controls into software development lifecycles and designing security features for product engineering teams
• Experience evaluating companies and merging security programs through acquisition or partnership activities

Job #: P69492