Lightspark is hiring a
Security Compliance Lead, Web3 - United States

Security Compliance Lead

🏢 Lightspark

💵 ~$201k-$241k
📍United States

Summary

The job is for a Security Compliance Lead at Lightspark, a company specializing in open payments using Bitcoin and the Lightning Network. The role involves managing and improving the technology security compliance program, collaborating with various teams, developing policies, managing audits, and creating security training programs.

Requirements

A minimum of 4 years of experience in security policy and compliance for technology

Responsibilities

  • Ensure adequate project management tracking and facilitate communication within the program, team and other stakeholders
  • Collaborate with engineering, IT, and business owners to define program requirements, set priorities, and establish scope of policies and programs
  • Manage interdependencies across operations and projects within the program to mitigate roadblocks and ensure critical projects are delivered on time
  • Develop and maintain technical policies, standards, and guidelines aligned with organizational objectives and legal requirements, including compliance and audit planning
  • Drive improvements to our SOC 2 program, including the addition of further TSC and the underlying design, implementation, and operating effectiveness of controls
  • Manage technical audits (e.g. code audits, security audits), the SOC 2 program, customer due diligence processes, and the third-party risk management program, liaising directly with external stakeholders; also manage internally conducted reviews and audits of our programs, ensuring compliance with best-in-class security industry standards
  • Program-manage security-related system implementations, both third-party and internal, for end-to-end delivery
  • Design and execute security training and awareness programs for the technical organizations, and assist in the coordination and delivery of other company-specific trainings
  • Create process improvements within the team, using data and metrics tracking

Preferred Qualifications

  • Knowledge of industry standards like ISO 27001, NIST, or OWASP is a plus
  • Understanding of payment-related regulations such as PCI-DSS, PSD2, and other regional compliance requirements
  • Preferred certifications: PMP, CISSP, CEH, or equivalent

Benefits

Startup Mentality: While the role is balanced on strategy, program management, and hands-on execution, you will be expected to act as an individual contributor when needed. We are a startup!
