Key skills
AWSAzureCloudGoogle Cloud PlatformRuby on RailsSDLCRubyAnalyticsRailsGCPGoogle CloudIAMCI/CDLeadershipCommunicationRemote WorkSnykCloud Security
About this role
Role Overview
- Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk.
- Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation.
- Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership.
- Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails.
- Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs.
- Report program health, trends, and exceptions to security leadership and auditors.
- Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights.
- Define and enforce data classification, access, and usage policies; drive best practices and guard rails for least privilege and segregation of duties.
- Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams.
- Build data lifecycle controls (creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows.
- Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection.
- Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases.
- Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.
Requirements
- 7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience preferred.
- Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD.
- Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement.
- Partner management across engineering, data, and compliance; able to translate risk into actionable plans and measurable outcomes.
- Familiarity with PCI and SOX; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure).
- Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage).
- Excellent communication and reporting—clear narratives, crisp metrics, executive-ready updates.
- Certifications such as CISSP or CISM are a plus.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- Ruby on Rails
- SDLC
Benefits
- Multiple health insurance options
- Flexible time off – take what you need
- Retirement savings program with company contribution and after tax contributions
- Equity in a publicly-traded company and an Employee Stock Purchase Program
- Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave
- Free therapy sessions, financial and professional coaching, and legal advice
- Monthly stipend to support our remote work model
- Annual “development dollars” to support our people growth and development
- Through Flex First, the freedom to live and work wherever you and your family thrive