<p>As Marqeta’s Information Security Manager you will lead Vulnerability Management and establish a Data Security program. You’ll drive risk reduction across cloud, endpoints, and applications, while building controls and monitoring to safeguard critical data end-to-end across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.</p><p>We work <a href="https://www.marqeta.com/blog/2022/05/10/flexible-first">Flexible First</a>. This role can be performed remotely anywhere within the United States. We’d love for you to join us!</p><p>The Impact You'll Have: </p><p>Vulnerability Management</p><ul><li>Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk.</li><li>Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation.</li><li>Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership.</li><li>Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails.</li><li>Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs.</li><li>Report program health, trends, and exceptions to security leadership and auditors.</li></ul><p>Data Security (Program Build & Ownership)</p><ul><li>Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights.</li><li>Define and enforce data classification, access, and usage policies; drive best practices and guard rails for least privilege and segregation of duties.</li><li>Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams.</li><li>Build data lifecycle controls (creation, storage, use, 
sharing, archival, destruction) and technical guardrails embedded in platforms and workflows.</li><li>Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection.</li><li>Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases.</li><li>Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.</li></ul><p>Who You Are:</p><ul><li>7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience preferred.</li><li>Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD.</li><li>Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement.</li><li>Partner management across engineering, data, and compliance; able to translate risk into actionable plans and measurable outcomes.</li><li>Familiarity with PCI and SOX; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure).</li><li>Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage).</li><li>Excellent communication and reporting—clear narratives, crisp metrics, executive-ready updates.</li><li>Certifications such as CISSP or CISM are a plus.</li></ul><p>How you’ll measure success</p><ul><li>Reduction in high-risk vulnerabilities and time-to-remediation across prioritized asset classes.</li><li>Complete inventory coverage and adherence to patch/configuration SLAs via Tenable/Snyk dashboards.</li><li>Implemented and adopted data classification and access policies with defined ownership.</li><li>Sentra and Google DLP coverage with declining exposure trends and timely remediation.</li><li>Successful PCI/SOX audits 
for relevant controls; fewer exceptions and faster closure.</li><li>Clear metrics and dashboards used by leadership for decision-making.</li></ul><p>Nice to Haves: </p><ul><li>Experience automating Tenable/Snyk workflows into CI/CD and GRC/Risk registers.</li><li>Background in data governance (stewardship councils, RACI) and analytics platform security (e.g., Snowflake, Databricks, BigQuery).</li><li>Exposure to SaaS Security Posture Management and third-party data controls at scale.</li></ul><p>Manager:</p><ul><li>Chetan Jha</li></ul><p>Recruiter For This Role:</p><ul><li>Kayla Osuna</li></ul><p>Compensation and Benefits: </p><p>Marqeta is a Flex First company, which allows you to choose your best working environment, whether that be from home or at a company office. To support Flex First, we calibrate pay to a competitive value according to working location. Compensation is aligned according to three tiers within the United States:</p><ul><li><strong>National</strong>: A baseline tier that applies to most of the geographic territory of the United States.</li><li><strong>Premium</strong>: Slightly elevated from the National tier, and oriented toward a narrower set of higher cost-of-living areas, such as Los Angeles CA and Seattle WA.</li><li><strong>Premium Plus</strong>: A tier for the most expensive working areas, like the San Francisco Bay area and New York City.</li></ul><p>Visit <a href="https://www.marqeta.com/company/salaryzones">this page</a> or consult with a Recruiter to determine which tier would be applicable to you.</p><p>When determining salaries, we consider several factors including, but not limited to, skills, prior experience, and work location. The new-hire <strong>base salary</strong> range for this position is:</p><ul><li>National: $167,100 - $208,900</li><li>Premium: $179,800 - $224,700</li><li>Premium Plus: $195,400 - $244,400</li></ul><p>We also believe in recognizing the contributions of our people. 
That's why we award annual bonuses to eligible employees, rewarding both individual performance and the success of the entire company.</p><p>Along with monetary compensation, Marqeta offers:</p><ul><li>Multiple health insurance options</li><li>Flexible time off – take what you need</li><li>Retirement savings program with company contribution and after-tax contributions</li><li>Equity in a publicly-traded company and an Employee Stock Purchase Program</li><li>Family-forming benefits, fertility support, and up to 20 weeks of Parental Leave</li><li>Free therapy sessions, financial and professional coaching, and legal advice</li><li>Monthly stipend to support our remote work model</li><li>Annual “development dollars” to support our people's growth and development</li><li>Through Flex First, the freedom to live and work wherever you and your family thrive</li></ul>