Role in brief
Coinbase is hiring a Privacy Analyst to lead its Privacy Incident Management program. This role involves coordinating incident responses, driving remediation efforts, and improving processes across various teams. Candidates with at least three years of experience in privacy, security, or incident response, strong technical investigation skills, and familiarity with privacy regulations should apply.
About the role
This role focuses on owning and enhancing Coinbase's Privacy Incident Management program. The Privacy Analyst will be responsible for the entire lifecycle of privacy incidents, from developing notification workflows and escalation paths to documenting processes and enabling responders. A key part of the role involves identifying opportunities for automation to streamline incident handling and improve efficiency.
The Privacy Analyst will act as the primary lead for privacy incident responses, coordinating efforts across multiple departments including Legal, Product, Engineering, and Communications. This involves driving analysis, ensuring remediation, and following through on all incidents. The role also requires maintaining on-call readiness to triage, classify, and escalate urgent privacy incidents, ensuring they are assessed and routed correctly.
Success in this position means consistently improving the quality of privacy incident responses and maintaining strong relationships with stakeholders. The analyst will conduct retrospectives, track remediation items, and report on incident metrics to identify trends and assess process health. During quieter periods, the role will contribute to broader privacy initiatives, including tooling development and automation projects.
The base salary for this position ranges from $135,320 to $159,200 USD, not including potential equity, bonuses, or benefits.
Skills that matter here
- privacy: This role is centered on leading and improving privacy incident management, requiring deep understanding of privacy principles and regulations.
- security: Experience in security is necessary to understand the broader context of incident response and risk management within a technology environment.
- incident response: Direct experience in leading or supporting incident workflows is a core requirement for managing privacy incidents end-to-end.
- SQL: Proficiency in SQL is needed for conducting technical investigations and data analysis within cloud-native architectures.
- Python: Python skills are used for technical investigations and building automation to reduce manual tasks in incident response.
- data analysis: Data analysis tools and methods are essential for tracking trends, reporting on incident metrics, and assessing process health.
Who this role suits
- A person who thrives on leading complex, cross-functional initiatives and can drive outcomes in a fast-paced environment.
- Someone with a structured analytical approach, capable of documenting processes and communicating findings to diverse audiences.
- An individual who is proactive in identifying and implementing automation opportunities to enhance operational efficiency.
- A candidate who can build and maintain strong relationships with various internal stakeholders across different geographies.
From the employer
- Own the end-to-end Privacy Incident Management program, including notification workflows, escalation paths, process documentation, responder enablement, and automation opportunities.
- Lead privacy incident response as the DRI and Incident Commander, coordinating across Privacy, Privacy Legal, CSIRT, Product, Engineering, and Communications to drive analysis, remediation, and follow-through.
- Maintain on-call readiness to support privacy incident triage, severity classification, and urgent escalations, ensuring incidents are correctly assessed and routed.
- Drive privacy incident retrospectives, track resulting remediation items and control gaps, and deliver incident metrics and reporting covering trends, remediation status, and process health.
- Build and maintain strong cross-functional and cross-geography stakeholder relationships to improve readiness, response quality, and business accountability.
- Support broader Privacy initiatives during lower-volume periods, including cross-functional efforts, tooling development, and automation projects.
- 3+ years of experience in privacy, security, incident response, technology risk, or a related operational risk function, including direct experience leading or supporting incident, issue, or risk workflows requiring structured analysis, documentation, and cross-functional coordination.
- Strong incident management skills with experience communicating privacy risk and incident findings to both technical and non-technical audiences, including producing written incident analyses, retrospective documentation, and executive-level summaries.
- Proven track record of leading technical investigations within cloud-native architectures, with hands-on proficiency in SQL, Python, and data analysis tools (e.g., Postgres, MongoDB, Airflow, Looker, Snowflake).
- Demonstrated experience building automation to reduce manual operational tasks and improve incident response efficiency.
- Working knowledge of privacy regulations and frameworks (e.g., GDPR, CCPA, PIPEDA, ePrivacy, DPIAs/PIAs, ROPA, data subject rights), privacy controls, and privacy issue management.
- Utilizes and builds generative AI responsibly, maintaining human oversight to deliver business-ready outputs and drive measurable improvements in workflow efficiency, cost, and quality.
- Base salary range (excluding equity and bonus): $135,320—$159,200 USD.
- Total compensation may also include equity and bonus eligibility, and benefits (medical, dental, vision, 401(k)).
- Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or genetic information.
Questions about this role
What is the remote work policy for this role?
Coinbase operates as a remote-first company, with in-person working sessions called 'surges' held quarterly.
What level of experience is required for this position?
Candidates should have at least three years of experience in privacy, security, incident response, or a related operational risk function.
What technical skills are important for this role?
Key technical skills include proficiency in SQL, Python, and data analysis tools such as Postgres, MongoDB, Airflow, Looker, and Snowflake.