Senior Security Program Manager
Skills
Playbook, Secure SDLC, Technical Program Management, Roadmapping, Incident Response, Monitoring, Cloud, Infrastructure, Vulnerability Management, Security Operations, Audit, Stakeholder Management, Identity and Access Management, GRC, Security Program Management, Security Monitoring, Tabletop Exercise, Secrets Management, Risk Management
About the Role
You will drive delivery of Keyrock's highest-priority security initiatives across a fast-moving trading environment. You will own a portfolio of security programs, create and maintain multi-quarter roadmaps, establish governance and reporting cadences, and coordinate engineering, cloud, trading, and risk stakeholders. You will improve incident preparedness through playbooks, tabletop exercises, and operational runbooks, and help implement controls such as access governance, secrets management, vulnerability remediation, and security monitoring.
Requirements
- 7+ years in security program management, technical program management, or security operations program delivery
- Demonstrated experience running cross-functional programs across engineering and operations including scope, schedule, risks, and dependencies
- Strong technical fluency in cloud and infrastructure, identity and access, vulnerability management, security monitoring, and incident processes
- Excellent written and verbal communication with ability to translate complex risk into clear priorities
- Experience in fintech, trading, payments, or digital assets preferred
- Familiarity with security frameworks such as NIST CSF or ISO 27001 and audit/assurance concepts preferred
- Relevant certifications (e.g., CISM, CISSP, CISA, CRISC, PMP) or equivalent demonstrated expertise preferred
- AML/CFT awareness is a plus in financial-services contexts
Responsibilities
- Own a portfolio of security programs including planning, resourcing, milestones, dependencies, and outcomes
- Create and maintain multi-quarter roadmaps aligned to business operations
- Establish governance and operating cadence including steering meetings, status reporting, and executive updates
- Support the CISO in delivering firmwide security initiatives
- Drive initiatives for access governance, secrets management, vulnerability remediation, security logging and monitoring, endpoint baselines, and secure SDLC enablement
- Mature control coverage and evidence for internal and external assurance needs
- Support GRC and audit initiatives in partnership with the Director of GRC
- Improve incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks
- Clarify ownership, unblock delivery, and maintain cross-functional coordination and communication
- Build lightweight, scalable processes to improve security consistency without slowing teams
