About this role
Lead security governance and third-party risk management programs for a fintech/regulated tech company, driving policy, controls, and KPI-driven governance at scale.
Key Responsibilities
- Own Security Governance: policies and control frameworks
- Lead TPRM across vendor lifecycle
- Manage remediation and QA cycles
- KPIs, dashboards, reporting
- Build and scale Governance/TPRM teams
Technical Overview
Strong governance framework leadership with hands-on tooling (AuditBoard, Jira, Sigma/BI, Looker, Tableau, MetricStream); deep knowledge of NIST/ISO, SOC2, PCI; experience with CI/CD security, APIs, SSO/OAuth/SAML.
Ideal Candidate
The ideal candidate is a senior security risk leader with 7+ years in information security/GRC, 3+ years of people management, and deep experience in security governance and TPRM within fintech or regulated environments.
Must-Have Skills
- 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience)
- Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment
- Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments)
- Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs
- Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership
- Proven experience translating audit findings into operational remediation plans and measurable outcomes
- Certifications such as CISSP, CISM, CRISC, or similar
- Threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS)
Nice-to-Have Skills
- Experience scaling automation for GRC/TPRM programs
- Experience integrating security checks into CI/CD pipelines
- Fintech or highly regulated industry experience
Tools & Platforms
AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream
Required Skills
security governance, vendor risk management, TPRM, NIST CSF, ISO 27001, SOC2, PCI, AuditBoard, Jira, BI tools, CI/CD, APIs, SSO, OAuth, SAML, TLS, threat modeling, remediation, audits
Hard Skills
Security governance, Third-Party Risk Management (TPRM), NIST CSF, ISO 27001, SOC2, PCI, AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, CI/CD, APIs, SSO, OAuth, SAML, TLS, Threat modeling
Soft Skills
leadership, stakeholder management, communication, problem-solving, analytical thinking, team building
Keywords for Your Resume
security governance, third-party risk management, TPRM, NIST CSF, ISO 27001, SOC2, PCI, AuditBoard, Jira, Sigma, Tableau, Looker, MetricStream, CI/CD, APIs, SSO, OAuth, SAML, TLS, threat modeling
Deal Breakers
Lack of 7+ years in information security/risk management, No experience managing teams, No experience with TPRM or governance programs