Instantly issue & process payment cards with more control, flexibility & scale
Senior Manager, IT Security GRC
Named as a Forbes Fintech 50 the last two years in a row, Marqeta powers innovative payment solutions for many of the apps and services you enjoy daily. Our modern card issuing platform, open API, and advanced analytics provide unprecedented control for companies to issue cards, authorize transactions and manage payment operations in real-time.
We are a team of industry experts and technology innovators who take a dynamic approach to solving challenging problems. We power possibilities for our customers by bringing the best talent together in an open and collaborative work environment that rewards creativity and perseverance.
Marqeta is proud of its Oakland roots and strives to build a global team as diverse as the markets we serve, staying true to our values to Connect the Customer, Find a Way, Make Simple, Take Risk and Build One Marqeta. We are not expecting any single candidate to meet all job requirements listed below, so please apply. It’s an exciting time to join Marqeta. As we grow, your career and opportunities will grow as well.
The Senior Manager, IT Security GRC, reports to the Head of Technical Compliance, and is responsible for leading the development, implementation and evaluation of Marqeta’s IT governance and risk management programs to maintain customer trust and enable security and compliance by design. This role will collaborate with cross-functional teams to assess, prioritize and track risk remediation and report on the overall technical risk posture of the company. This position partners closely with our Security Engineering Team, Technology, Product, and Operations teams and other internal partners to monitor the controls required to meet key security standards and regulatory requirements, including PCI DSS, PCI 3DS, SOX, GDPR and SSAE 18.
- Define and implement the IT Security Risk Management Framework to identify, assess, manage and report technical risks across Marqeta
- Drive implementation of technical policies and procedures
- Define, measure and communicate Key Performance Indicators (KPIs) and metrics, shared with various levels of Leadership, to enable risk-based strategic decision making
- Implement a risk-based approach to monitor third-party/ vendor security practices and compliance with contractual obligations
- Implement a findings management process to drive remediation of risks and issues
- Synthesize various requirements and priorities into a unified actionable roadmap for company-wide rollout of data privacy compliance and operations milestones and drive the execution across multiple cross-functional teams
- Build a repeatable framework to support Sales and Legal teams in responding to technical customer due diligence requests
- Design, configure, and support any GRC related tools configuration for the Compliance organization
- Masters or Bachelors degree in Computer Science, Information Security, Information Technology or equivalent experience
- Minimum 6 years experience in Information Security, IT Risk Management or IT Compliance
- Experience working with IT and information security regulations and standards (e.g. PCI DSS, ISO 27001, SOC2, SOX, NIST, etc.), generally accepted information security principles, and industry best practices
- Strong working knowledge of Key Performance Indicators and security metrics
- Experience working with global privacy and data protection regulations is a plus (e.g. GDPR, CCPA)
- Proven ability to develop structure, advance execution, and measure performance within various and complex projects, teams and environment
- A strong bias toward action and able to operate effectively in a dynamic, fast-paced environment
- Excellent communication and influencing skills including the ability to simplify key messages, present completing stories and promote technical and personal credibility with internal and external customers and stakeholders, and both technical and non-technical audiences
- Positive attitude, team player, adaptable, resourceful, and self-starter who is able to work independently
- CISSP, CISM, CISA, CIPP preferred
- A great sense of humor
- Rich suite of benefit plans; employee premiums paid 100%
- Flexible Time Off
- Full paid Parental Leave
- Pet insurance
- 401k plan with a Company match
- Competitive pay
- Meaningful equity
- Monthly stipend
- Bi-annual “Hack Week” to support and reward innovation
- Open, transparent culture that includes All Hands meetings, Lunch-and-Learns, all-company offsites, etc.
- Access to corporate gym membership rates, other discounts and employee perks
- Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays and more!
As part of our dedication to the diversity of our workforce, Marqeta is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of race, color, religion, creed, national origin or ancestry, sex, gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, medical condition, marital/domestic partner status, military and veteran status, genetic information or any other legally-recognized protected basis under federal, state or local laws, regulations or ordinances.
Company matched 401k
Company Matched 401k
Generous paid time off plan
Generous Paid Time Off Plan
Employee premiums paid
Employee Premiums Paid
Marqeta at a glance
Marqeta focuses on Financial Services, Transaction Processing, Payments, Fin Tech, and Financial Technology. Their company has offices in Oakland. They have a large team that's between 201-500 employees. To date, Marqeta has raised $524.568M of funding; their latest round was closed on May 2020.