Manager, Vulnerability & Data Security

Marqeta
Remote, USA | $167k – $209k | Posted 28 February 2026

Job Description

<p>As Marqeta’s Information Security Manager you will lead Vulnerability Management and establish a Data Security program. You’ll drive risk reduction across cloud, endpoints, and applications, while building controls and monitoring to safeguard critical data end-to-end across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint.</p> <p>We work <a href="https://www.marqeta.com/blog/2022/05/10/flexible-first">Flexible First</a>. This role can be performed remotely anywhere within the United States. We’d love for you to join us!</p> <p>The Impact You'll Have: </p> <p><em>Vulnerability Management</em></p> <ul> <li>Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk.</li> <li>Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation.</li> <li>Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership.</li> <li>Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails.</li> <li>Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs.</li> <li>Report program health, trends, and exceptions to security leadership and auditors.</li> </ul> <p><em>Data Security (Program Build Ownership)</em></p> <ul> <li>Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights.</li> <li>Define and enforce data classification, access, and usage policies; drive best practices and guard rails for least privilege and segregation of duties.</li> <li>Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams.</li> <li>Build data lifecycle controls 
(creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows.</li> <li>Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection.</li> <li>Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases.</li> <li>Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.</li> </ul> <p>Who You Are:</p> <ul> <li>7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience preferred.</li> <li>Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD.</li> <li>Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement.</li> <li>Partner management across engineering, data, and compliance; able to translate risk into actionable plans and measurable outcomes.</li> <li>Familiarity with PCI and SOX; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure).</li> <li>Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage).</li> <li>Excellent communication and reporting—clear narratives, crisp metrics, executive-ready updates.</li> <li>Certifications such as CISSP or CISM are a plus.</li> </ul> <p>How you’ll measure success</p> <ul> <li>Reduction in high-risk vulnerabilities and time-to-remediation across prioritized asset classes.</li> <li>Complete inventory coverage and adherence to patch/configuration SLAs via Tenable/Snyk dashboards.</li> <li>Implemented and adopted data classification and access policies with defined ownership.</li> <li>Sentra and Google DLP coverage with declining exposure trends and timely 
r ... (truncated, view full listing at source)