Senior Security Program Manager

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Technology (or equivalent work experience) required
• 7+ years of experience in program management with at least 3 years in security program management or related roles.
• Experience in project management and leading cross-functional teams.
• Experience with security risk assessments and mitigation strategies.
• Experience with the phases of the software development lifecycle
• Experience with risk management concepts, common vulnerability scanning and penetration testing tools
• Experience with infrastructure security concepts including firewalls, DMZs, intrusion detection/prevention systems, network security, application security concepts, CASB, password management, RBAC, SIEM, vulnerability management, and access provisioning is highly desired.
• Security certifications such as CISA, CISM, CISSP, CRISC, CGRC, ISO 27001 Lead Implementer/Auditor are highly desired.
• Proven ability to prioritize and manage multiple security initiatives in fast-paced environments
• Strong analytical and problem-solving skills with attention to security detail
• Strategic mindset with capability to navigate security challenges while delivering business value
• Experience influencing stakeholders without direct authority on security matters
• Strong decision-making skills with ability to balance security requirements with business needs

Nice To Haves

• Experience in a regulated industry such as financial services is a plus.

Responsibilities

• Develop and implement security programs, policies, and procedures to Apex’s assets, employees, and customers.
• Effectively lead cross-functional teams to develop and execute security projects.
• Direct and guide product security initiatives with cross functional teams including Software Engineers, Product Management, and other stakeholders
• Provide technical product security subject matter expertise and leadership in defining, documenting, implementing, and communicating product security concepts, requirements, and policies to the organization and to internal customers
• Is standards- and compliance-savvy. You can translate frameworks like NIST-CSF, and ISO/IEC 27001/27002 into pragmatic controls, processes, and evidence.
• Assist in driving the strategic direction of the DevSecOps Program framework through partnerships with engineering, operations, IT and the business
• Own and project-manage the Team project by overseeing intake and triage, backlog grooming, prioritization and assignment, workflow/reporting hygiene, and SLA tracking; coordinate cross-team dependencies with Engineering, IT, Product, Compliance, and other business units to ensure timely ticket resolution and transparent stakeholder communication.
• Define KPIs and success measures; build dashboards and executive reports on status, risk posture, control effectiveness, adoption, and resource capacity; present updates to leadership
• Drive evangelization around security program compliance and provide security guidance and expertise to stakeholders across the organization.
• Develop and maintain security-related documentation and reports.

Benefits

• We offer a robust package of employee perks and benefits, including healthcare benefits (medical, dental and vision, EAP), competitive PTO, 401k match, parental leave, and HSA contribution match.
• We also provide our employees with a paid subscription to the Calm app and offer generous external learning and tuition reimbursement benefits.