Senior Manager of Product Security

Marqeta

💵 $196k-$272k
📍 Remote - United States

Summary

Join Marqeta as our Senior Manager of Product Security and lead the growth of our product and cloud security programs. This role requires strong leadership, operational excellence, and a risk-centric approach, with significant experience in product and cloud security. You will design, implement, and manage a comprehensive product security program, collaborating with cross-functional teams. The position offers flexible work arrangements (remote or Oakland office) and a competitive salary and benefits package. We are seeking a candidate with proven experience in security leadership, expertise in relevant security disciplines, and strong communication skills. This is a chance to make a significant impact on Marqeta's security posture and contribute to a high-performing team.

Requirements

  • Proven experience (4+ years) in a security leadership role with deep expertise in product security, cloud security and DevSecOps disciplines and best practices (NIST SSDF, BSIMM, OWASP, Google SLSA, Cloud Security Alliance)
  • Experience with ISO 27001, PCI DSS, PCI 3DS, GDPR, and CPRA
  • Experience in executive level reporting
  • Exceptional leadership and managerial skills, with the ability to effectively lead and develop a high-performing security team
  • Excellent understanding of cybersecurity risk management principles and the ability to implement effective controls and processes
  • Hands-on experience designing and implementing security programs, policies, and procedures
  • Demonstrated experience leading transformational roadmaps and scaling support across a large and growing global organization
  • Excellent communication and interpersonal skills, with the ability to cultivate relationships across teams, influence decision making, and collaborate with stakeholders at all levels of the organization
  • Proactive and strategic mindset, with the ability to anticipate and mitigate security risks and issues
  • High ethical standards and a commitment to promoting a strong security culture
  • Relevant certifications: CISSP, CIAM, GSEC, Security+, CISA, CDP, CDE, GCSA, CASE, CASS, CSSLP, GWEB, GDSA, ISSAP, and AWS certifications

Responsibilities

  • Design, implement, and manage a product security program capable of delivering shift-left services to embed security early in the SDLC process (advisory services, testing design, secure design checklists, Security-as-Code libraries, threat modeling, data flow diagrams, secure coding training, etc.)
  • Define and operate a security champions program leveraging identified champions from within each development team to advance product and cloud security initiatives
  • Provide developer teams with comprehensive security testing services, remediation advice and validation
  • Centrally analyze and contextualize product and cloud vulnerability findings in order to assist the Vulnerability Management Center of Excellence with prioritized ticketing and reporting to include SLA tracking, remediation validation, and source tracking
  • Produce product security program metrics that provide insights into developer engagement, overall SSDLC health, cloud security posture, etc
  • Monitor the health of Marqeta web applications such as Marqeta.com and work with appropriate stakeholders to ensure remediation of vulnerabilities
  • In alignment with the security incident response plan, define product incident response team procedures to respond to and remediate critical production vulnerabilities and/or active threat exploitation of Marqeta products
  • Define penetration testing strategy and coordinate all penetration tests
  • In partnership with infrastructure teams deploy, configure/tune, monitor (health, performance, stability) and maintain product and cloud security solutions
  • Define product and cloud security policies, standards, procedures, configuration baselines, and reusable architecture patterns
  • Lead cybersecurity solution evaluations (e.g. on-paper evaluations and proof of concept activities) to include gathering and analyzing requirements from various stakeholders
  • Develop matrixed change approval workflows and configuration/policy audit procedures to ensure cybersecurity expert and multi-team oversight
  • Partner with identity security and infrastructure teams to define the cloud access management strategy and target operating model to ensure delivery of rule audits, approvals, and exceptions in line with compliance and cybersecurity policy
  • Define cloud asset characteristics and tagging required
  • Collaborate with cross-functional teams to foster a strong security culture, ensure adoption of security services, and measure health of those services
  • Monitor and provide periodic reports to senior leadership on the status of the security operations and resilience program, relevant risk exposure, and any trends or significant emerging issues
  • Create a high-performing team culture where team members are supported, standards are consistently upheld, people are treated with respect, and everyone feels a sense of belonging

Preferred Qualifications

  • Financial services or FinTech experience
  • BS degree

Benefits

  • Multiple health insurance options
  • Flexible time off – take what you need
  • Retirement savings program with company contribution
  • Equity in a publicly-traded company and an Employee Stock Purchase Program
  • Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
  • Free therapy sessions, financial and professional coaching, and legal advice
  • Monthly stipend to support our remote work model
  • Annual “development dollars” to support our people growth and development
  • Remote work
  • Annual bonuses
