As Marqeta’s Information Security Manager you will lead Vulnerability Management and establish a Data Security program. You’ll drive risk reduction across cloud, endpoints, and applications, while building controls and monitoring to safeguard critical data end-to-end across all of Marqeta’s systems and services—100% cloud-based, with no data center footprint. We work Flexible First. This role can be performed remotely anywhere within the United States. We’d love for you to join us! The Impact You'll Have: Vulnerability Management Lead program strategy and operations: asset coverage, scanning cadence, prioritization, and measurable risk reduction using Tenable (Nessus/SC/IO) and Snyk. Integrate Tenable and Snyk findings into engineering backlogs with clear SLAs; partner with SRE, platform, and application teams to drive remediation. Establish risk-based prioritization (CVSS, KEV, EPSS, exploitability, business criticality) and publish dashboards for transparency to leadership. Mature patching and configuration baselines; build preventative controls and secure-by-default guardrails. Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs. Report program health, trends, and exceptions to security leadership and auditors. Data Security (Program Build & Ownership) Establish clear data ownership and stewardship across critical datasets; define roles, responsibilities, and decision rights. Define and enforce data classification, access, and usage policies; drive best practices and guard rails for least privilege and segregation of duties. Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks; drive timely remediation with accountable teams. Build data lifecycle controls (creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows. Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection. Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases. Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership. Who You Are: 7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience preferred. Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD. Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement. Partner management across engineering, data, and compliance; able to translate risk into actionable plans and measurable outcomes. Familiarity with PCI and SOX; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure). Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage). Excellent communication and reporting—clear narratives, crisp metrics, executive-ready updates. Certifications such as CISSP or CISM are a plus. How you’ll measure success Reduction in high-risk vulnerabilities and time-to-remediation across prioritized asset classes. Complete inventory coverage and adherence to patch/configuration SLAs via Tenable/Snyk dashboards. Implemented and adopted data classification and access policies with defined ownership. Sentra and Google DLP coverage with declining exposure trends and timely remediation. Successful PCI/SOX audits for relevant controls; fewer exceptions and faster closure. Clear metrics and dashboards used by leadership for decision-making.