Senior Manager, Internal Audit IT

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up. We want someone who will run towards, not away from, solving the company’s hardest problems.

Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.

While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

Team/ Role Paragraph: *

*The Coinbase Internal Audit is an independent, third line function that reports directly to the Coinbase Audit Committee. The purpose and mission of Internal Audit is to objectively evaluate and audit the effectiveness of governance, compliance, risk management, and control process. The in-house Coinbase Internal Audit team is responsible for strategic analysis, risk assessments, development of the audit plan, project management, quality review, report issuance and issue validation across IT and business functions. By executing all aspects of audits, including planning, walkthroughs, testing, deficiency remediation, and report writing in accordance with the regulatory requirements, you'll play a key role in strengthening our position as the industry leader by evaluating the effectiveness of management’s ability to control potential events or threats and ultimately add value to all our stakeholders

**

What you’ll be doing (ie. job duties):

• Set strategic direction for IT & security audit as a senior leader within the global internal audit team, owning the multi‑year IT and security audit roadmap and aligning it with Coinbase’s enterprise risk profile, technology strategy, and regulatory expectations across regions (US, EMEA, APAC).

• Lead Coinbase’s global IT & security audit portfolio, ensuring coordinated coverage across all regions (including EMEA, US, UK, and APAC), and integration with broader global audit plans, co‑sourced partners, and cross‑functional risk initiatives.

• Act as a subject‑matter expert on global technology and security regulations, with deep understanding of EMEA requirements and strong familiarity with other key jurisdictions (e.g., US, UK, APAC) as they relate to information technology, cybersecurity, operational resilience, outsourcing, and broader financial services regulation applicable to Coinbase.

• Own end‑to‑end delivery of complex, cross‑functional IT and security audits, from risk assessment and scoping through planning, fieldwork oversight, reporting, and issue validation, ensuring coverage of cloud, infrastructure, security operations, identity and access management, data protection, IT asset management, vendor/third‑party risk, and key in‑scope products and services.

• Provide executive‑level reporting and insight on the effectiveness of technology and security controls, distilling key themes, emerging risks, and root causes into clear, concise materials for senior management, the Chief Audit Executive, and the Audit Committee.

• Drive high‑impact, pragmatic remediation and control design by challenging and advising management on risk‑based, scalable solutions to issues identified during audits, emphasizing automation, standardization, and long‑term sustainability.

• Lead and develop a high‑performing team of internal auditors (and co‑sourced resources) focused on IT and security, including setting goals, providing coaching and feedback, managing performance, and building succession and talent pipelines across regions.

• Establish and oversee robust issue management for IT & security findings, ensuring timely, risk‑based remediation by management, high‑quality root cause analysis, and disciplined validation of remediation activities; escalate delays or thematic concerns to senior leadership as needed.

• Serve as the primary internal audit point of contact for technology and security leadership, building trusted relationships with senior leaders across Engineering, Security, Infrastructure, Product, and Operations while maintaining third line independence and objectivity.

• Coordinate integrated assurance across the three lines of defense, partnering with first and second line risk, compliance, security, and technology teams to rationalize testing, reduce duplicative work, align methodologies, and maximize control coverage across the organization.

• Shape Coinbase’s IT & security risk narrative with external stakeholders, playing a key role in regulatory examinations and inquiries as they relate to internal audit matters, coordinating information requests, articulating audit results, and ensuring commitments made to regulators are tracked and fulfilled.

• Champion continuous learning and thought leadership in technology and security risk, staying ahead of developments in crypto, digital assets, cloud, cyber, AI, data privacy, and operational resilience, and translating these into updates to the audit universe, methodology, and testing programs.

• Design and deliver education and training for process and control owners (including non‑finance and technical teams) on internal controls, security best practices, audit expectations, and their role in maintaining a strong control environment.

• Promote innovation and tooling within internal audit, driving adoption of data analytics, automation, and Generative AI to modernize IT and security audit execution (e.g., continuous monitoring, anomaly detection, automated evidence retrieval) and partnering on the optimization of IA tooling (e.g., GRC platforms, Workiva/Archer).

• Contribute to Board and Audit Committee materials by owning the IT and security risk and control sections, including status of key audits, issue themes, regulatory interactions, and emerging risk updates, and presenting these topics where appropriate.

• Act as a strategic advisor on major technology and security initiatives, participating early in the lifecycle of key programs (e.g., new product launches, cloud migrations, major architecture changes) to provide independent challenge and control guidance without compromising third line independence.

• Foster a strong risk culture across technology and security teams, encouraging transparent escalation of issues, recognizing strong control behaviors, and helping teams that need support to mature their risk and control mindset.

What we look for in you (ie. job requirements):

• BA/BS in information systems, computer science, or a related IT discipline.

• 12+ years of experience in internal audit with a strong focus on IT and information security, or in first‑line technology, software development, operations, or security roles with significant controls exposure.

• Deep understanding of cloud‑based technology stacks, software/application development lifecycles, cloud configurations and security services, and enterprise technology operations, maintenance, and oversight risks and controls.

• Demonstrates the ability to responsibly use generative AI tools and copilots (e.g., LibreChat, Gemini, Glean) in daily workflows, continuously learn as tools evolve, and apply human-in-the-loop practices to deliver business-ready outputs and drive measurable improvements in efficiency, cost, and quality.

• Relevant professional certifications (e.g., CPA, CIA, CISA, CISSP, CFE).

• Familiarity with key frameworks such as NIST, COBIT, and ITIL.

• Strong technical acumen in information security, software development, IT operations, or closely related areas.

• Proven track record delivering complex IT audits and/or technology process‑improvement initiatives, with a strong understanding of internal control environments.

• Relevant financial services and/or public accounting experience; fintech or crypto/blockchain exposure strongly preferred.

• Strong project management skills with the ability to manage multiple, global initiatives and deadlines across time zones (e.g., Europe, APAC).

• Exceptional analytical and strategic thinking skills, with impeccable judgment and a relentless commitment to quality, accuracy, and detail.

• Demonstrated leadership and team‑development experience, including mentoring, coaching, and managing global teams and both direct and indirect reports.

• Excellent written, verbal, presentation, and interpersonal skills, with the ability to clearly explain complex technical issues to both technical and non‑technical stakeholders, including executive leadership and the Audit Committee.

• Ability to operate with a high degree of autonomy, make critical decisions, and drive initiatives forward in a fast‑paced, evolving environment.

• Clear understanding of the three lines of defense model and the role of Internal Audit.

Nice to haves:

• Understanding of international regulatory requirements as it pertains to information technology and security.

• Deep understanding of crypto, payments and/or financial services industry and experience in auditing information systems and controls.

• Entrepreneurial attitude and experience with, or the ability to adapt to, a rapidly growing start-up with associated complexities and ambiguities.

• Experience working with/in an out-sourced or co-sourced internal audit function.

• Ability to work across functions and time zones.

Location: Remote-first = can work remotely or in office at your discretion but must reside in US

P76564

Pay Transparency Notice: * *Depending on your work location, the target annual *base *salary for this position can range as detailed below. Total compensation may also include equity and bonus eligibility and benefits (including medical, dental, vision and 401(k)).

Annual base salary range (excluding equity and bonus):

$201,365—$236,900 USD

Please be advised that each candidate may submit a maximum of four applications within any 30-day period. We encourage you to carefully evaluate how your skills and interests align with Coinbase's roles before applying.

Commitment to Equal Opportunity

Coinbase is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view the Employee Rights and the Know Your Rights notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.

Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please contact us at accommodations[at]coinbase.com to let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required. For US applicants only, by submitting your application you are agreeing to arbitration of disputes as outlined here.

AI Disclosure

For select roles, Coinbase is piloting an AI tool based on machine learning technologies to conduct initial screening interviews to qualified applicants. The tool simulates realistic interview scenarios and engages in dynamic conversation. A human recruiter will review your interview responses, provided in the form of a voice recording and/or transcript, to assess them against the qualifications and characteristics outlined in the job description.

For select roles, Coinbase is also piloting an AI interview intelligence platform to transcribe and summarize interview notes, allowing our interviewers to fully focus on you as the candidate.

The above pilots are for testing purposes and Coinbase will not use AI to make decisions impacting employment . To request a reasonable accommodation due to disability, please contact accommodations[at]coinbase.com