Senior Manager, Internal Audit IT

Team/ Role Paragraph:
The Coinbase Internal Audit is an independent, third line function that reports directly to the Coinbase Audit Committee. The purpose and mission of Internal Audit is to objectively evaluate and audit the effectiveness of governance, compliance, risk management, and control process. The in-house Coinbase Internal Audit team is responsible for strategic analysis, risk assessments, development of the audit plan, project management, quality review, report issuance and issue validation across IT and business functions. By executing all aspects of audits, including planning, walkthroughs, testing, deficiency remediation, and report writing in accordance with the regulatory requirements, you'll play a key role in strengthening our position as the industry leader by evaluating the effectiveness of management’s ability to control potential events or threats and ultimately add value to all our stakeholders

What you’ll be doing (ie. job duties): 

• Set strategic direction for IT & security audit as a senior leader within the global internal audit team, owning the multi‑year IT and security audit roadmap and aligning it with Coinbase’s enterprise risk profile, technology strategy, and regulatory expectations across regions (US, EMEA, APAC).
• Lead Coinbase’s global IT & security audit portfolio, ensuring coordinated coverage across all regions (including EMEA, US, UK, and APAC), and integration with broader global audit plans, co‑sourced partners, and cross‑functional risk initiatives.
• Act as a subject‑matter expert on global technology and security regulations, with deep understanding of EMEA requirements and strong familiarity with other key jurisdictions (e.g., US, UK, APAC) as they relate to information technology, cybersecurity, operational resilience, outsourcing, and broader financial services regulation applicable to Coinbase.
• Own end‑to‑end delivery of complex, cross‑functional IT and security audits, from risk assessment and scoping through planning, fieldwork oversight, reporting, and issue validation, ensuring coverage of cloud, infrastructure, security operations, identity and access management, data protection, IT asset management, vendor/third‑party risk, and key in‑scope products and services.
• Provide executive‑level reporting and insight on the effectiveness of technology and security controls, distilling key themes, emerging risks, and root causes into clear, concise materials for senior management, the Chief Audit Executive, and the Audit Committee.
• Drive high‑impact, pragmatic remediation and control design by challenging and advising management on risk‑based, scalable solutions to issues identified during audits, emphasizing automation, standardization, and long‑term sustainability.
• Lead and develop a high‑performing team of internal auditors (and co‑sourced resources) focused on IT and security, including setting goals, providing coaching and feedback, managing performance, and building succession and talent pipelines across regions.
• Establish and oversee robust issue management for IT & security findings, ensuring timely, risk‑based remediation by management, high‑quality root cause analysis, and disciplined validation of remediation activities; escalate delays or thematic concerns to senior leadership as needed.
• Serve as the primary internal audit point of contact for technology and security leadership, building trusted relationships with senior leaders across Engineering, Security, Infrastructure, Product, and Operations while maintaining third line independence and objectivity.
• Coordinate integrated assurance across the three lines of defense, partnering with first and second line risk, compliance, security, and technology teams to rationalize testing, reduce duplicative work, align methodologies, and maximize control coverage across the organization.
• Shape Coinbase’s IT & security risk narrative with external stakeholders, playing a key role in regulatory examinations and inquiries as they relate to internal audit matters, coordinating information requests, articulating audit results, and ensuring commitments made to regulators are tracked and fulfilled.
• Champion continuous learning and thought leadership in technology and security risk, staying ahead of developments in crypto, digital assets, cloud, cyber, AI, data privacy, and operational resilience, and translating these into updates to the audit universe, methodology, and testing programs.
• Design and deliver education and training for process and control owners (including non‑finance and technical teams) on internal controls, security best practices, audit expectations, and their role in maintaining a strong control environment.
• Promote innovation and tooling within internal audit, driving adoption of data analytics, automation, and Generative AI to modernize IT and security audit execution (e.g., continuous monitoring, anomaly detection, automated evidence retrieval) and partnering on the optimization of IA tooling (e.g., GRC platforms, Workiva/Archer).
• Contribute to Board and Audit Committee materials by owning the IT and security risk and control sections, including status of key audits, issue themes, regulatory interactions, and emerging risk updates, and presenting these topics where appropriate.
• Act as a strategic advisor on major technology and security initiatives, participating early in the lifecycle of key programs (e.g., new product launches, cloud migrations, major architecture changes) to provide independent challenge and control guidance without compromising third line independence.
• Foster a strong risk culture across technology and security teams, encouraging transparent escalation of issues, recognizing strong control behaviors, and helping teams that need support to mature their risk and control mindset.

What we look for in you (ie. job requirements): 

• BA/BS in information systems, computer science, or a related IT discipline.
• 12+ years of experience in internal audit with a strong focus on IT and information security, or in first‑line technology, software development, operations, or security roles with significant controls exposure.
• Deep understanding of cloud‑based technology stacks, software/application development lifecycles, cloud configurations and security services, and enterprise technology operations, maintenance, and oversight risks and controls.
• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human-in-the-loop practices to deliver business-ready outputs and drive measurable improvements in efficiency, cost, and quality.
• Relevant professional certifications (e.g., CPA, CIA, CISA, CISSP, CFE).
• Familiarity with key frameworks such as NIST, COBIT, and ITIL.
• Strong technical acumen in information security, software development, IT operations, or closely related areas.
• Proven track record delivering complex IT audits and/or technology process‑improvement initiatives, with a strong understanding of internal control environments.
• Relevant financial services and/or public accounting experience; fintech or crypto/blockchain exposure strongly preferred.
• Strong project management skills with the ability to manage multiple, global initiatives and deadlines across time zones (e.g., Europe, APAC).
• Exceptional analytical and strategic thinking skills, with impeccable judgment and a relentless commitment to quality, accuracy, and detail.
• Demonstrated leadership and team‑development experience, including mentoring, coaching, and managing global teams and both direct and indirect reports.
• Excellent written, verbal, presentation, and interpersonal skills, with the ability to clearly explain complex technical issues to both technical and non‑technical stakeholders, including executive leadership and the Audit Committee.
• Ability to operate with a high degree of autonomy, make critical decisions, and drive initiatives forward in a fast‑paced, evolving environment.
• Clear understanding of the three lines of defense model and the role of Internal Audit.

Nice to haves:

• Understanding of international regulatory requirements as it pertains to information technology and security.
• Deep understanding of crypto, payments and/or financial services industry and experience in auditing information systems and controls.
• Entrepreneurial attitude and experience with, or the ability to adapt to, a rapidly growing start-up with associated complexities and ambiguities.
• Experience working with/in an out-sourced or co-sourced internal audit function.
• Ability to work across functions and time zones.

Location: Remote-first = can work remotely or in office at your discretion but must reside in US

P76564