Manager, Vulnerability & Data Security

About Marqeta's Manager, Vulnerability & Data Security Role

As Marqeta’s Information Security Manager, you will lead the Vulnerability Management program and establish a comprehensive Data Security program. This role is pivotal in driving risk reduction across Marqeta’s 100% cloud-based environment, including cloud infrastructure, endpoints, and applications. You will be responsible for building robust controls and implementing monitoring solutions to safeguard critical data end-to-end across all systems and services.

Marqeta operates on a Flexible First model, allowing this role to be performed remotely anywhere within the United States.

The Impact You'll Have

Vulnerability Management

• Lead the vulnerability program strategy and operations, covering asset coverage, scanning cadence, prioritization, and measurable risk reduction using tools like Tenable (Nessus/SC/IO) and Snyk.
• Integrate Tenable and Snyk findings into engineering backlogs, setting clear SLAs, and partnering with SRE, platform, and application teams to drive timely remediation.
• Establish risk-based prioritization methodologies (CVSS, KEV, EPSS, exploitability, business criticality) and publish transparent dashboards for leadership.
• Mature patching and configuration baselines, building preventative controls and secure-by-default guardrails.
• Coordinate vulnerability disclosure, pen test intake, and threat-driven campaigns for actively exploited CVEs.
• Report program health, trends, and exceptions to security leadership and auditors.

Data Security (Program Build & Ownership)

• Establish clear data ownership and stewardship across critical datasets, defining roles, responsibilities, and decision rights.
• Define and enforce data classification, access, and usage policies; drive best practices for least privilege and segregation of duties.
• Operationalize Sentra (DSPM) and Google DLP to monitor data exposure and access risks, driving timely remediation with accountable teams.
• Build data lifecycle controls (creation, storage, use, sharing, archival, destruction) and technical guardrails embedded in platforms and workflows.
• Ensure compliance with data protection regulations (e.g., PCI, SOX); partner on control design, testing, and evidence collection.
• Collaborate with Security, Legal, Privacy, and Data teams to protect data across its lifecycle and enable safe analytics/product use cases.
• Develop metrics (DLP incidents, misconfigurations, toxic combinations, stale sensitive datasets, policy violations) and report to leadership.

Who You Are

• 7–10+ years in information security with 3+ years leading programs or teams; regulated/fintech experience is preferred.
• Hands-on depth managing vulnerabilities at scale with Tenable and Snyk across cloud-native, containers, endpoints, and CI/CD environments.
• Practical experience building/maturing data security programs with Sentra (DSPM) and Google DLP; strong policy design and enforcement skills.
• Proven partner management across engineering, data, and compliance teams; ability to translate risk into actionable plans and measurable outcomes.
• Familiarity with PCI and SOX compliance standards; knowledge of SDLC, DevSecOps, and cloud security architectures (AWS/GCP/Azure).
• Comfort with IAM/IGA, SIEM, CNAPP, and ticketing/workflow integrations; solid grasp of data governance concepts (stewardship, lineage).
• Excellent communication and reporting skills—ability to create clear narratives, crisp metrics, and executive-ready updates.
• Certifications such as CISSP or CISM are a plus.

How you’ll measure success

• Reduction in high-risk vulnerabilities and time-to-remediation across prioritized asset classes.
• Complete inventory coverage and adherence to patch/configuration SLAs via Tenable/Snyk dashboards.
• Implemented and adopted data classification and access policies with defined ownership.
• Sentra and Google DLP coverage with declining exposure trends and timely remediation.
• Successful PCI/SOX audits for relevant controls; fewer exceptions and faster closure.
• Clear metrics and dashboards used by leadership for decision-making.

Key skills/competency

• Vulnerability Management
• Data Security
• Cloud Security
• Tenable
• Snyk
• Google DLP
• PCI Compliance
• SOX Compliance
• Risk Management
• DevSecOps