Sr. Program Manager, Information Security

• Security program leadership and governance • Lead and mature Material Bank’s enterprise information security program through a multi year roadmap aligned to business strategy, growth, and global expansion. • Establish and maintain security policies, standards, and operating procedures that scale across cloud platforms, applications, data, and emerging technologies, including AI. • Own the security risk management framework, including risk identification, scoring, acceptance, tracking, and executive reporting, supported by a maintained risk register and clear visibility into trends and remediation status. • Define and track security metrics and KPIs that demonstrate program effectiveness, predictability, and maturity. • Audit, compliance, and assurance • Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low friction. • Lead customer security questionnaires and enterprise assurance requests in partnership with Legal, IT, and Engineering. • Support privacy and regulatory obligations, including GDPR, ROPA inventories, and regional data requirements. • Cloud, application, and platform security • Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails. • Establish application security standards across internal and customer facing platforms, including secure SDLC practices, penetration testing, and remediation accountability. • Conduct security assessments for new systems, architectures, and major platform changes. • Identity, access, and data protection • Own identity and access management strategy, including SSO, role based access, provisioning, and periodic access reviews. • Establish enterprise wide data classification and data handling standards. • Ensure access and data protection controls scale with growth and global expansion through partnership with IT, Engineering, and platform owners. • Detection, response, and resilience • Own detection, incident response, and resilience strategy, including playbooks, third party incident response coordination, post incident analysis, security monitoring, alerting, and continuous improvement. • Support disaster recovery and business continuity planning from a security perspective, including tabletop exercises and recovery documentation. • Security technology, automation, and remediation • Own the security technology stack, including endpoint protection, vulnerability management, monitoring, and security awareness tooling. • Evaluate, select, and manage security vendors for effectiveness and cost efficiency. • Directly implement and remediate security controls, configurations, and tooling gaps when risk, timing, or dependency constraints require hands on execution. • Leverage automation and AI assisted workflows to operate efficiently as a one person function. • Determine when remediation should be executed directly versus driven through Engineering, IT, or Infrastructure, and ensure closure in all cases. • Third party and business risk • Perform vendor security reviews, ongoing third party risk monitoring, remediation tracking, and executive risk acceptance. • Support security due diligence for acquisitions, integrations, and major partnerships when applicable.