Director, Governance, Risk & Compliance

The Director of Cybersecurity Governance, Risk, and Compliance at Marqeta is a pivotal role responsible for leading the strategic development and operational execution of the company's cybersecurity governance framework, risk management programs, and compliance initiatives. This position reports directly to the Chief Information Security Officer and serves as a key liaison between cybersecurity, business units, and external stakeholders to maintain Marqeta's security posture and customer trust.

In this role, the director will develop, implement, and maintain cybersecurity policies, standards, and control frameworks aligned with industry regulations and business objectives. They will establish and operate cybersecurity governance models, steering committees, and approval processes, while maintaining a unified control inventory and overseeing validation activities with internal and external assessors. Additionally, the director will design and execute comprehensive cybersecurity risk assessment frameworks and methodologies, manage risk treatment plans, remediation tracking, and escalation processes in alignment with enterprise risk management, and provide risk advisory services to integrate findings into strategic cybersecurity planning. They will also lead compliance readiness assessments, coordinate audit activities across multiple frameworks (PCI DSS, SOC 2, ISO 27001, etc.), manage audit findings remediation, and maintain compliance reporting for internal and external stakeholders. Furthermore, the director will oversee third-party cybersecurity risk assessments and vendor management processes, lead customer due diligence, security questionnaire responses, and Trust Center operations, and support sales enablement through security documentation and customer audit facilitation.

The ideal candidate will have over six years of experience in a security leadership role with deep expertise in cybersecurity governance, risk management, and compliance. They should have proven experience with regulatory frameworks such as PCI DSS, SOC 2, ISO 27001, NIST, and SOX, and experience in financial services, fintech, or highly regulated industries. Demonstrated success in audit management and customer-facing security assessments is essential, along with strong analytical and problem-solving capabilities with attention to detail. Excellent written and verbal communication skills for technical and executive audiences are required, as well as experience with GRC tools like OneTrust, ServiceNow, or similar platforms. A strong business acumen and the ability to align security initiatives with business objectives are necessary, along with a track record of cultivating relationships across teams, influencing decision-making, and collaborating with stakeholders at all levels of the organization. The candidate should have a proactive and strategic mindset, with the ability to anticipate business needs of the cybersecurity organization and stakeholders, and a strong bias toward action and ability to operate proactively and effectively in a dynamic, fast-paced environment. High ethical standards and a commitment to promoting a strong security culture are essential, along with one or more industry certifications such as CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent.

Marqeta offers a flexible work environment, allowing employees to choose their best working environment, whether that be from home or at a company office. Compensation is aligned according to three tiers within the United States, with the National tier applying to most of the geographic territory. Specific compensation details are not provided in the available information. Benefits and perks are not specified in the provided information.

Marqeta is a leading global modern card-issuing platform that enables businesses to create, manage, and distribute payment cards. The company is committed to fostering a diverse and inclusive culture, offering opportunities for professional growth and development. Employees are encouraged to contribute to the company's mission of delivering innovative payment solutions to clients worldwide.