Security Program Manager @ Sandbox Banking | Jobright.ai
Security Program Manager jobs in Los Angeles, CA
This job has closed.

Sandbox Banking · 2 days ago

Security Program Manager

Banking, Data Integration

Responsibilities

Work closely with the CTO, architects, engineers, and system administrators to ensure security is maintained as new functionality is delivered;
Design and implement standards, policies, guidelines and appropriate architectural principles to ensure the firm’s cyber security goals continue to be met;
Provide risk-based direction in conjunction with IT teams for future system enhancements in line with the overall firm’s strategy;
Recognize potential opportunities to enhance the firm’s security and help deliver the necessary changes to realize such gains;
Provide security subject matter expertise to support relationships with partners, customers, and vendors;
Ensure systems and their information handling comply with current and (to the extent they’re predictable) future requirements;
Ensure Sandbox Banking runs effective data classification processes;
Ensure Sandbox Banking runs effective data retention processes;
Ensure governance, policy and procedures in relation to information security meet agreed standards within the company;
Appropriately scope and manage penetration testing of company infrastructure, products, services, and processes;
Scope and implement appropriate vulnerability discovery technologies and processes;
Project manage and complete annual internal security audit;
Project manage and complete annual SOC 2 Type 2 audit;
Project manage and complete quarterly access reviews;
Maintain sufficiently updated standard vendor due diligence packets for partners and customers;
Handle bespoke vendor due diligence requests from partners and customers;
Provide security-related feedback and suggestions to help harden the company’s products and services;
Scope, design/source, and ensure the delivery of appropriate security training for Sandbox Banking personnel;
Refine and test the company’s incident reporting and breach management policies;
Execute the company’s incident reporting and breach management procedures as necessary. This would require oversight and guidance during security incidents and investigations. It would include root cause analysis, communication with appropriate internal and external parties, and deriving appropriate learnings to be utilized for strengthening the company’s security posture;
Provide quality reporting to summarize security posture details and security testing outcomes. Reports will include objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences;
Extend system development life cycle (SDLC) and enforce SDLC compliance to maintain and enhance security;
Selectively perform security code reviews of product changes;
Selectively perform security reviews of infrastructure and network changes;
Selectively perform security reviews of integration logic changes;
Perform initial and ongoing security reviews of (sometimes prospective) company vendors and providers;
Continuously update the candidate’s own knowledge of security trends, developments, and best practices;
Continuously nurture the company’s cultural focus on security;

Qualification

Python, JavaScript, Network Engineering, SOC 2 Type 2 Audit, OSCP, ISACA, CISSP, CISA, CRISC, SABSA, ISO 27001, ISF Standards, Cloud-Based SaaS, Information Technology Systems, Information Security Principles, AWS, Project Management, Security Best-Practices, Problem-Solving, Communication, Analytical, Organizational, Creativity, PCI DSS, Regulatory Compliance, Banking Technology, Startup Experience

Required

Minimum of 3 years experience working in a full-time role focused on cyber security, with additional experience strongly preferred
Minimum of 3 years experience working in a full-time role as a software engineer or application developer, with additional experience strongly preferred
Proficiency with both Python and JavaScript
Strong understanding of network engineering, architecture, and standard network diagnostics tooling
Strong understanding of the SOC 2 Type 2 audit process and experience leading a company’s efforts to complete the audit
One of the following qualifications/certifications: OSCP, ISACA, CISSP, CISA, CRISC, SABSA. Multiple credentials are preferred
Broad and deep understanding of information security principles and best practices (e.g., ISO 27001, ISF Standards of Good Practice for Information Security), especially as they relate to cloud-based SaaS products
Broad knowledge of information technology systems and deep understanding of the inherent security risks associated with these technologies
Strong communication skills, including the ability to present security topics to non-technical audiences, articulate the business value and risks of various decisions, and train employees
Abreast of current industry security trends, developments, and related government regulations
Strong understanding of Amazon Web Services (AWS) and related security best-practices
Strong project management and organizational skills, especially as they relate to the cross-functional management of individuals within different departments to complete security-focused work
Strong analytical and creative skills; ability to provide security solutions that sufficiently protect systems and data while maximizing employee productivity and customer value

Preferred

Understanding of the ISO 27001 certification process and experience leading a company’s efforts to obtain the certification
Understanding of PCI DSS compliance and experience leading a company through PCI DSS compliance validation
Experience with bank or credit union regulatory compliance
Experience working at bank or credit union technology companies
Experience working at early-stage startups

Benefits

Stock Options

Company

Sandbox Banking

Democratizing digital transformation in the financial industry through secure, scalable integrations with Glyue™

Funding

Current Stage
Early Stage
Total Funding
$6.08M
Key Investors
Horizon Ventures, DCU FinTech Innovation Center
2022-11-17 · Seed · $4.3M
2021-12-08 · Convertible Note · $1M
2017-03-22 · Seed · $0.57M

Leadership Team

Ravi Balasubramanian
CEO and Co-founder
Skye Isard
CTO & Co-Founder
Company data provided by crunchbase