About The Position

As a Senior Security Program Manager, you will drive execution of Keyrock’s highest-priority security initiatives across a fast-moving, always-on trading environment. You’ll build structure, visibility, and predictable delivery across security programs—partnering with Engineering, Infrastructure/Cloud, Trading/Quant Engineering, IT, Risk/Compliance, and leadership to reduce risk while enabling business velocity. This role is ideal for someone who can translate security strategy into delivery: clear roadmaps, measurable outcomes, and strong cross-functional coordination.

Requirements

  • 7+ years in security program management / technical program management / security operations program delivery.
  • Demonstrated experience running cross-functional programs across engineering and operations (scope, schedule, risks, dependencies).
  • Strong technical fluency in cloud/infra, identity/access, vulnerability management, security monitoring, and incident processes.
  • Excellent written/verbal communication with the ability to translate complex risk into clear priorities.

Nice To Haves

  • Experience in fintech, trading, payments, or digital assets, especially environments requiring high uptime and rapid execution.
  • Familiarity with security frameworks (NIST CSF, ISO 27001) and audit/assurance concepts.
  • Experience supporting security programs that intersect with financial integrity domains (e.g., AML/CFT awareness is a plus given Keyrock’s financial-services context).
  • Relevant certifications (e.g., CISM, CISSP, CISA, CRISC, PMP) or equivalent demonstrated expertise.

Responsibilities

  • Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
  • Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
  • Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
  • Support the CISO in delivering firmwide initiatives.
  • Partner with Security and Engineering teams to drive key initiatives such as: access governance, secrets management, vulnerability remediation, security logging/monitoring improvements, endpoint/security baseline, and secure SDLC enablement.
  • Help mature control coverage and evidence for internal/external assurance needs (as applicable in a financial-services context).
  • Partner with the Director of GRC to support GRC and audit initiatives.
  • Partner with Security Operations to improve incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks—ensuring security response stays effective in a high-availability trading environment.
  • Act as the “glue” across technical and business stakeholders—clarifying ownership, unblocking delivery, and keeping programs moving with crisp communication.
  • Build lightweight, scalable processes that improve security consistency without slowing teams.