CX Security Program Manager

Ready to be pushed beyond what you think you’re capable of?

At Coinbase, our mission is to increase economic freedom in the world. It’s a massive, ambitious opportunity that demands the best of us, every day, as we build the emerging onchain platform — and with it, the future global financial system.

To achieve our mission, we’re seeking a very specific candidate. We want someone who is passionate about our mission and who believes in the power of crypto and blockchain technology to update the financial system. We want someone who is eager to leave their mark on the world, who relishes the pressure and privilege of working with high caliber colleagues, and who actively seeks feedback to keep leveling up.

We want someone who will run towards, not away from, solving the company’s hardest problems.

Our work culture is intense and isn’t for everyone. But if you want to build the future alongside others who excel in their disciplines and expect the same from you, there’s no better place to be.

While many roles at Coinbase are remote-first, we are not remote-only. In-person participation is required throughout the year. Team and company-wide offsites are held multiple times annually to foster collaboration, connection, and alignment. Attendance is expected and fully supported.

• Own the CX security & access governance program across Consumer and Compliance operations, spanning physical security protocols, logical access controls, and sensitive workflow protections for BPOs, COEs, and CX Hubs.
• Program manage CX‑wide access governance initiatives end‑to‑end: drive the multi‑quarter roadmap, requirements, and implementation plan to standardize how FTE, CTR, and BPO access is requested, evaluated, approved, and monitored across all CX tools, in partnership with IT Solution Engineering, Enterprise Applications, IAM, Security, and People teams.
• Lead CX security risk review processes for new and existing tools: establish repeatable intake, triage, and tracking mechanisms for exception and deviation requests across the CX team; partner with Security and CX leadership on calibration, prioritization, and remediation plans; and ensure review outcomes are reflected in access controls, site standards, and vendor contracts where applicable.
• Scale BPO security governance frameworks by owning the roadmap and execution for security attestation and audit processes, and developing scalable mechanisms to track, review, and resolve security deviations and exception requests, in partnership with Physical Security and Vendor Management.
• Maintain device governance standards for CX BPOs, including CX’s standardized device lifecycle procedures for BPO endpoints, ensuring that enrollment, inventory, offboarding, and device movement controls are consistently applied across all CX BPO sites in alignment with IT and Physical Security standards.
• Build and maintain central CX security & access inventories (e.g., access‑control matrices, security review trackers, vendor security posture views) that connect sites, roles, tools, and entitlements, enabling faster impact analysis, access reviews, and audit responses.
• Drive cross‑functional program management and stakeholder alignment:
• Run working groups and steering forums across Security, IT, Enterprise Applications, VM, Operations, WFM, and People teams.
• Translate policy and control requirements into pragmatic implementation plans and change‑management for CX operations and vendor partners.
• Continuously improve security processes and playbooks (e.g., BPO site launch playbooks, termination/ramp‑down playbooks, security exception workflows), using lessons from incidents, audits, and vendor findings to refine controls, documentation, and training materials.

• 7+ years of experience in program management, technical program management, security, IT, or risk management roles, ideally within a global CX, BPO, or fintech/financial services organization.
• Proven track record leading complex, cross‑functional security or access‑governance programs (e.g., IAM / LDAP group models, MDM/endpoint standards, security monitoring programs, or large‑scale tooling rollouts)…