Senior Security Compliance Manager

Back to All Jobs

Location: Dublin, Ireland

Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy, and increase economic freedom around the world.

There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we assess whether a candidate demonstrates our values: Clear Communication, Positive Energy, Efficient Execution, and Continuous Learning. Second, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.

Read more about our values and culture here.

Coinbase stores more digital currency than any company in the world, making us a top tier target on the internet. Security is core to our mission and has been a key competitive differentiator for us as we scale worldwide. Essential to scaling is building and running a security compliance program that reflects how we protect the data and assets in our care, to open the doors with customers, regulators, auditors, and other external stakeholders. If you love working with fast moving companies to build security compliance engines from the ground up and create positive change across the business, we’d like to speak with you about joining our team.

Coinbase is looking for a senior security compliance professional to implement our security compliance roadmap in Dublin and collaborate with teams across the company to design, understand, and meet our security requirements. 

What you’ll be doing:

  • Scope and identify risks, controls, and processes across Coinbase products and services.
  • Establish quarterly and annual security and compliance goals for Coinbase Ireland, and leverage maturity models and a roadmap for continual program improvements.
  • Assess security and IT general controls to identify gaps and provide remediation guidance.
  • Monitor evolution and changes in EU and international security standards and guidance, advise team and stakeholders on impact and spearhead change to meet requirements.
  • Serve as one of the primary security interfaces with the Central Bank of Ireland; respond to requests, assist with license support and exams as needed.
  • Conduct periodic monitoring and testing across Coinbase’s security and technology requirements.
  • Work with control owners across the company to internalize their roles and responsibilities and maintain their control documentation.
  • Assist with collecting and maintaining evidence for various compliance audits for external assessors and auditors, working within the Coinbase GRC tool.
  • Author policies, standards, and procedures in collaboration with other teams.
  • Evaluate and communicate security risks, processes, and project status to various stakeholders.
  • Partner with your Security colleagues in Coinbase HQ and Japan to create culture change and ensure security best practices across the company are reflected in Coinbase Ireland activities.

What we look for in you:

  • You have 7+ years of experience in security or technology compliance. Familiarity with and track record of implementing security standards or frameworks including at least two of the following: ISO 27001 series, Central Bank of Ireland Guidance, SOC 1, SOC 2, SOX, GDPR, PCI DSS 3.2, NIST CSF, NIST 800-53.
  • You have a proven track record of designing and documenting control environments in fast-paced, technology-first companies with modern tech stacks.
  • You have an ability to navigate ambiguity and are energized by bringing order to lots of moving parts.
  • You have a track record of partnering well with cross-functional teams: engineering, finance, data, and compliance, and have experience working with various global sites to implement coordinated efforts.
  • You can dynamically prioritize across disparate efforts and work independently to maximize risk reduction.
  • You have all-star communication and writing skills that enable you to proactively build relationships and relay security requirements to any team.
  • You have a relevant BA/BS degree and/or certifications (CISA, CISM, CISSP, CRISC).

Nice to haves:

  • Knowledge of AWS environments and services.
  • Experience working with or for fintech or financial services.
  • Experience implementing or documenting technology controls in enterprise applications.
  • Experience implementing and/or working in a GRC tool such as Archer or Metricstream.

Coinbase is committed to diversity in its workforce and is proud to be an equal opportunity employer and to review all of our job postings to minimize biased language. Coinbase does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Coinbase will also consider for employment qualified applicants with arrest and conviction records in a manner consistent with San Francisco’s Fair Chance Ordinance and similar local laws.

Privacy Notice and Consent for New Applicants

The General Data Protection Regulation (GDPR) regulates the way that we manage the data of job applicants. During this early phase of the application process, Coinbase Ireland Limited (Coinbase) will be gathering and processing personal information (your data) in order to assess your suitability for the role in which you have applied. If you are unsuccessful during any point of this process then we are legally required to keep your data on file, for a period of time. We will keep your data in order to comply with employment law obligations only and for no longer than obligated to do so.

Under GDPR, we need your consent to process your application. With this form, we are providing you with notice on how your data will be processed as part of the application procedure. By signing this form, you are agreeing to our use and processing of your data as required.

Data controller details

Coinbase is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:

Coinbase Ireland Limited

70 Sir John Rogerson's Quay,

Grand Canal Dock, Dublin 2


Email -

Data protection tenets

In relation to your personal data, we will:

  • process it fairly, lawfully and in a clear, transparent way;
  • collect your data only for reasons that we have stated in this document;
  • only use it in the way that we have told you about;
  • ensure it is correct and up to date;
  • keep your data for only as long as we need it; and
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed.

Types of data we process

We hold many types of data about you, including:

  • your personal details including your name, address, date of birth, email address, phone numbers;
  • biological sex;
  • interview transcript/notes; and
  • information contained within your CV including references, education history and employment history.

How we collect your data

From the start of this process we will begin to gather information about you. This includes the information you would normally include in a CV or a recruitment cover letter, or notes made by our Talent recruiting team during a recruitment interview.

In some cases, we will collect data about you from third party employment agencies, this information will only be passed to us from the employment agency upon your consent.

Personal data is kept in personnel files or within Coinbase HR third party business systems and IT systems. The access to these systems is limited to those job roles where it is essential to access your records.

Why we process your data

The law on data protection allows us to process your data for certain reasons only, the reasons relevant to you during this process are:

  • in order to carry out legally required duties;
  • in order for us to carry out our legitimate business interests; and
  • to protect your interests.

All processing carried out by us falls into one of the permitted reasons. Generally, we will rely on the first two reasons set out above to process your data. We need to collect your personal data to assess your suitability for the advertised role.

We also need to collect your data to ensure we are complying with legal requirements such as:

  • making reasonable adjustments for disabled employees; and
  • tracking our fair employment process.

Special categories of data

Special categories of data may include:

  • health;
  • sexual orientation;
  • race;
  • ethnic origin; and
  • religion.

We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:

  • you have given explicit consent to the processing;
  • we must process the data in order to carry out our legal obligations; and
  • you have already made the data public.

We will use your special category data:

  • for the purposes of equal opportunities monitoring (as is our legal obligation); and
  • to determine reasonable adjustments (as is our legal obligation).

We do not need your consent if we use special categories of personal data in order to carry out our legal obligations or exercise specific rights under employment law. However, we will ask for your consent to gather the information in the first place. You will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld, in the context of special data. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.

Protecting your data

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented GDPR compliant processes to guard against such.

Where we share your data with third parties, we provide written instructions to them to ensure that your data is held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organizational measures to ensure the security of your data.

How long we keep your data for

In line with data protection tenets, we only keep your data for as long as we need it. If unsuccessful during the application process we will keep your personal details, interview notes and your CV details, is kept for 12 months or as long as is necessary to comply with applicable immigration law (whichever is shorter).

Successful applicants will be provided with an employee privacy notice as part of the on-boarding process.


Providing Consent

Coinbase is committed to complying with the GDPR. You are entirely in control of your decision to give consent to our use of your data as requested in this form. You do not need to give consent. However, in order for Coinbase to assess your credentials you will need to supply consent in order for us to process your application.

Withdrawing Consent

You have the absolute unrestricted right to withdraw your consent at any time. We will stop processing the data for which you have withdrawn your consent. Please note however, we must keep some personal data in order to comply with employment regulation.

Change in Purpose

If the purpose of using the data for changes, we will seek new consent, setting out the new purpose. You can decline to give your consent, with no repercussions. Consent can again be withdrawn at any time once given.

Making a Complaint

The supervisory authority in Ireland for data protection matters is the Data Protection Commission (“DPC”). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the DPC. You may lodge a complaint by emailing or writing to the following address:  Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co. Laois. You can visit the website of the Data Protection Commission at for more details.

Data Protection Officer

Coinbase's Data Protection Officer is Paul Barks. Contact details are:

Benefits at Coinbase
  • Health and Dental insurance covered at 100% for employees and 50% for dependents
  • Eyecare vouchers
  • Disability and Life Assurance
  • Monthly Gym Allowance
  • Volunteer Time Off
  • Fertility Counseling and Benefits
  • Individual Career Development budget
  • Pension plan with company match
  • Tax saver commuter program
  • 18 weeks paid Maternity and Paternity Leave
  • Snacks and Lunch provided onsite
  • 7 year post termination option exercise window (for employees who stay 2 years or more) vs. the industry standard 90 days