Back To All Jobs IT/Security Auditor
San Francisco, CA
Our vision is to bring more innovation, efficiency, and equality of opportunity by helping create an open financial system for the world. We are focused on making digital currency accessible to everyone. We are guided by these principles: be the most trusted company in our industry and create products that are easy to use.
Reporting to the Head of Internal Audit, the IT/Security Auditor will identify relevant risks & controls related to IT and cybersecurity. They will help implement and execute a consistent risk analysis framework, test business-level validation of control effectiveness, and assist in the auditing and reporting of cybersecurity and data privacy compliance. A successful candidate should have experience working in fast-paced environments and with small teams. Duties and Responsibilities:
- Assist Internal Audit in implementing the Enterprise Risk Management program, particularly as it applies to cybersecurity and data privacy.
- Participate in regular audits, including risk assessment review, audit scoping, identifying and testing processes and controls, and reviewing specific recommendations related to cybersecurity and data privacy.
- Recognize, understand, and analyze root causes, patterns, or trends that could result in risk to cybersecurity and data privacy and to the organization.
- Identify and implement corrective actions where appropriate and consistent with ERM objectives.
- Ensure that Coinbase maintains adequate risk controls to facilitate compliance with laws and regulations related to cryptocurrencies and security infrastructure.
- Support the various business lines for risk analysis, testing, and implementation of new products and services by providing an internal control perspective to identify control gaps and recommendations for improvements.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- 5+ combined years experience in risk management, audit, and/or IT controls testing.
- Extensive knowledge of cloud-based systems.
- CISA and CISSP preferred.
- Excellent communication, interpersonal, and analytical skills.
- Ability to multi-task in a rapidly changing environment.
- Demonstrated ability to work independently and execute effectively.
- Strong project management skills -- organized, logical, methodical, strong attention to detail.
- Passion for data security.
- Extensive knowledge of cybersecurity and data privacy regulations (e.g., PCI, GLBA, SOC, ISO27001, GDPR).