Named as a Forbes Fintech 50 the last two years in a row, Marqeta powers innovative payment solutions for many of the apps and services you enjoy daily. Our modern card issuing platform, open API, and advanced analytics provide unprecedented control for companies to issue cards, authorize transactions and manage payment operations in real-time.

We are a team of industry experts and technology innovators who take a dynamic approach to solving challenging problems. We power possibilities for our customers by bringing the best talent together in an open and collaborative work environment that rewards creativity and perseverance. 

Marqeta is proud of its Oakland roots and strives to build a global team as diverse as the markets we serve, staying true to our values to Connect the Customer, Find a Way, Make Simple, Take Risk and Build One Marqeta. We are not expecting any single candidate to meet all job requirements listed below, so please apply. It’s an exciting time to join Marqeta. As we grow, your career and opportunities will grow as well.

Position Summary

The Senior Manager, IT Security GRC, reports to the Head of Technical Compliance, and is responsible for leading the development, implementation and evaluation of Marqeta’s IT governance and risk management programs to maintain customer trust and enable security and compliance by design. This role will collaborate with cross-functional teams to assess, prioritize and track risk remediation and report on the overall technical risk posture of the company. This position partners closely with our Security Engineering Team, Technology, Product, and Operations teams and other internal partners to monitor the controls required to meet key security standards and regulatory requirements, including PCI DSS, PCI 3DS, SOX, GDPR and SSAE 18.

Primary Responsibilities

  • Define and implement the IT Security Risk Management Framework to identify, assess, manage and report technical risks across Marqeta
  • Drive implementation of technical policies and procedures 
  • Define, measure and communicate Key Performance Indicators (KPIs) and metrics, shared with various levels of Leadership, to enable risk-based strategic decision making
  • Implement a risk-based approach to monitor third-party/vendor security practices and compliance with contractual obligations
  • Implement a findings management process to drive remediation of risks and issues
  • Synthesize various requirements and priorities into a unified actionable roadmap for company-wide rollout of data privacy compliance and operations milestones and drive the execution across multiple cross-functional teams
  • Build a repeatable framework to support Sales and Legal teams in responding to technical customer due diligence requests 
  • Design, configure, and support any GRC related tools configuration for the Compliance organization

Requirements

  • Master's or Bachelor's degree in Computer Science, Information Security, Information Technology or equivalent experience
  • Minimum 6 years' experience in Information Security, IT Risk Management or IT Compliance
  • Experience working with IT and information security regulations and standards (e.g. PCI DSS, ISO 27001, SOC2, SOX, NIST, etc.), generally accepted information security principles, and industry best practices
  • Strong working knowledge of Key Performance Indicators and security metrics
  • Experience working with global privacy and data protection regulations is a plus (e.g. GDPR, CCPA)
  • Proven ability to develop structure, advance execution, and measure performance within various and complex projects, teams and environments
  • A strong bias toward action and able to operate effectively in a dynamic, fast-paced environment
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external customers and stakeholders, and both technical and non-technical audiences
  • Positive attitude, team player, adaptable, resourceful, and self-starter who is able to work independently
  • CISSP, CISM, CISA, CIPP preferred
  • A great sense of humor

Perks

  • Rich suite of benefit plans; employee premiums paid 100%
  • Flexible Time Off 
  • Fully paid Parental Leave
  • Pet insurance
  • 401k plan with a Company match
  • Competitive pay
  • Meaningful equity
  • Monthly stipend
  • Bi-annual “Hack Week” to support and reward innovation
  • Open, transparent culture that includes All Hands meetings, Lunch-and-Learns, all-company offsites, etc.
  • Access to corporate gym membership rates, other discounts and employee perks
  • Fully stocked kitchen, catered lunches twice a week, breakfast on Fridays and more!

As part of our dedication to the diversity of our workforce, Marqeta is committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of race, color, religion, creed, national origin or ancestry, sex, gender, gender identity, gender expression, sexual orientation, age, physical or mental disability, medical condition, marital/domestic partner status, military and veteran status, genetic information or any other legally-recognized protected basis under federal, state or local laws, regulations or ordinances.

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at Marqeta are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1. Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.