Senior Analyst, Tech Risk

Ready to be pushed beyond what you think you're capable of?

At Coinbase, our mission is to increase economic freedom in the world. It's a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform - and with it, the future global financial system.

To achieve our mission, we're seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company's hardest problems.

Our work culture is intense and isn't for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there's no better place to be.

While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

We are looking for a skilled Technology Risk & Controls Analyst to join our APAC Second Line of Defense (2LOD) team. In this role, you will provide crucial 2LOD oversight of technology and cybersecurity risks, with a strong emphasis on aligning with the Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines and other APAC regional regulatory frameworks. As part of the regional technology risk function, your responsibilities will include conducting independent risk assessments, offering credible challenges to first-line activities, and monitoring the effectiveness of technology controls. You will collaborate cross-functionally to ensure that emerging risks are identified, assessed, and appropriately mitigated to maintain a robust risk posture.

What you'll be doing (ie. job duties):

• Conduct independent second line assessments of technology and cybersecurity risks, ensuring alignment with Coinbase's risk appetite and regional regulatory expectations.
• Execute and sustain governance controls and oversight mechanisms to ensure ongoing compliance with MAS TRM, RBI Cybersecurity Framework (CSF), and other applicable regional regulations.
• Review and challenge the effectiveness of technology and cyber controls implemented by the First Line of Defense and global teams.
• Develop, track, and report on Key Risk Indicators (KRIs) and control metrics to support continuous monitoring and risk-informed decision making.
• Localize and assess global technology, security policies and standards to ensure they meet jurisdiction-specific regulatory requirements.
• Partner with engineering, product, and cybersecurity teams to strengthen detection, response, and remediation capabilities for security incidents.
• Prepare materials for senior governance forums, including operations and risk oversight committees and board-level reporting.
• Maintain documentation to support regulatory submissions, internal audits, and assurance reviews.
• Present clear, data-driven risk and control insights to senior management and cross-functional stakeholders.
• Effectively communicate risk issues and recommendations across technical and non-technical audiences.

• 5+ years of experience in technology governance, risk management, or compliance, preferably within financial services or a regulated technology environment.
• Strong working knowledge of MAS Technology Risk Management (TRM) Guidelines, Cyber Hygiene Notices, Outsourcing Guidelines, and Business Continuity Management (BCM) Guidelines, as well as the RBI Cybersecurity Framework (CSF).
• Familiarity with global technology and risk frameworks such as NIST CSF, COBIT, and ITIL.
• Deep understanding of risk management principles, including technology risk identification, assessment, control design, and monitoring.
• Demonstrated experience leading or supporting remediation projects driven by regulatory changes or audit findings.
• Ability to analyze and synthesize ambiguous or incomplete inputs into clear, actionable plans.
• Experience working in cloud-native environments and navigating associated risks and controls.
• Proficiency in using data and metrics to drive risk-informed decisions and communicate risk posture effectively.
• Prior experience engaging with auditors and regulators, including regulatory reporting and audit response preparation.
• Proven ability to manage multiple stakeholders and competing priorities in a fast-paced, cross-functional environment.

• Proficiency in SQL, ideally in Snowflake or a similar data platform.
• Experience with Looker or other business intelligence and data visualization tools.
• Background in high-security or highly regulated industries such as fintech, crypto, or traditional financial services.
• Professional certifications such as CRISC, CISSP, CISM, or other relevant designations.
• Bachelor's degree in Information Security, Computer Science, Engineering, or a related technical discipline.

• Group Medical Insurance covered at 100% for employees and dependants
• Dental insurance covered at 100% for employees and dependants
• Travel Medical Policy - Global Traveler
• Employee Stock Purchase Plan (ESPP)
• Wellness Stipend
• Mobile/Internet Reimbursement
• Connections Stipend
• Learning & Development Allowance
• Employee Assistance Program
• Fertility Benefits
• Generous Time Off/Leave Policy