Material Bank

Senior Program Manager, Information Security


full-time


Location Type: Remote

Location: United States

About the role

  • Lead and mature Material Bank’s enterprise information security program through a multi-year roadmap aligned to business strategy, growth, and global expansion.
  • Establish and maintain security policies, standards, and operating procedures that scale across cloud platforms, applications, data, and emerging technologies, including AI.
  • Own the security risk management framework, including risk identification, scoring, acceptance, tracking, and executive reporting, supported by a maintained risk register and clear visibility into trends and remediation status.
  • Define and track security metrics and KPIs that demonstrate program effectiveness, predictability, and maturity.
  • Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low friction.
  • Lead customer security questionnaires and enterprise assurance requests in partnership with Legal, IT, and Engineering.
  • Support privacy and regulatory obligations, including GDPR, ROPA inventories, and regional data requirements.
  • Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails.
  • Establish application security standards across internal and customer-facing platforms, including secure SDLC practices, penetration testing, and remediation accountability.
  • Conduct security assessments for new systems, architectures, and major platform changes.
  • Own identity and access management strategy, including SSO, role-based access, provisioning, and periodic access reviews.
  • Establish enterprise-wide data classification and data handling standards.
  • Ensure access and data protection controls scale with growth and global expansion through partnership with IT, Engineering, and platform owners.
  • Own detection, incident response, and resilience strategy, including playbooks, third-party incident response coordination, post-incident analysis, security monitoring, alerting, and continuous improvement.
  • Support disaster recovery and business continuity planning from a security perspective, including tabletop exercises and recovery documentation.
  • Own the security technology stack, including endpoint protection, vulnerability management, monitoring, and security awareness tooling.
  • Evaluate, select, and manage security vendors for effectiveness and cost efficiency.
  • Directly implement and remediate security controls, configurations, and tooling gaps when risk, timing, or dependency constraints require hands-on execution.
  • Leverage automation and AI-assisted workflows to operate efficiently as a one-person function.
  • Perform vendor security reviews, ongoing third-party risk monitoring, remediation tracking, and executive risk acceptance.

Requirements

  • 8+ years of experience in information security, security engineering, or security program leadership.
  • Direct ownership of SOC 2 or comparable assurance frameworks, including implementation, remediation, and sustained operation.
  • Strong working knowledge of AWS cloud security, identity and access management, application security, and incident response.
  • Demonstrated ability to operate independently with high accountability and limited resources.
  • Proven ability to define strategy while executing hands-on remediation when needed.
  • Strong judgment in prioritizing risk and making pragmatic tradeoffs aligned to business needs.
  • Ability to communicate security risk clearly to both technical and non-technical stakeholders.
  • Experience building security programs that scale globally without requiring a traditional security organization.

Benefits

  • Our people: We are a growth-driven team that values efficiency, builds smart automation, operates in small empowered teams, and moves quickly from idea to execution.
  • Relaxation and Celebrations: Flexible PTO, Sick Days, Paid National Holidays, and even more (ask us about this when we connect).
  • Health Benefits: We contribute to your medical, dental, vision and short-term/long-term disability plans and have a strong employee assistance program.
  • Plan for your Retirement: 401(k) eligible after your first 90 days employed!
  • Giving Back: We sponsor multiple events throughout the year to help out our communities.
  • Growth: We’ll help you take your career to the next level. We want you to be creative and take initiative which will allow you to grow and create within the company. Most importantly, be the best at what matters!
  • Flexible Work Schedules: With business units and employees across the globe, Material Technologies has embraced a hybrid working model allowing department leaders to decide on the best approach for their respective teams, whether that be remote, in person, or a little of both.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information security, security engineering, security program leadership, SOC 2, AWS cloud security, identity and access management, application security, incident response, risk management, data classification

Soft Skills

independent operation, high accountability, strategic definition, hands-on remediation, judgment in prioritizing risk, communication of security risk, pragmatic tradeoffs, building scalable security programs