Job Description

Summary

As a Senior Security Program Manager, you will drive execution of Keyrock’s highest-priority security initiatives across a fast-moving, always-on trading environment. You’ll build structure, visibility, and predictable delivery across security programs—partnering with Engineering, Infrastructure/Cloud, Trading/Quant Engineering, IT, Risk/Compliance, and leadership to reduce risk while enabling business velocity.

This role is ideal for someone who can translate security strategy into delivery: clear roadmaps, measurable outcomes, and strong cross-functional coordination.

What you’ll do

Program leadership & delivery

  1. Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
  2. Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
  3. Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
  4. Support the CISO in delivering firmwide initiatives.

Security governance, risk, & control initiatives

  1. Partner with Security and Engineering teams to drive key initiatives such as: access governance, secrets management, vulnerability remediation, security logging/monitoring improvements, endpoint/security baseline, and secure SDLC enablement.
  2. Help mature control coverage and evidence for internal/external assurance needs (as applicable in a financial-services context).
  3. Partner with the Director of GRC to support GRC and audit initiatives.

Incident readiness & operational resilience

  1. Partner with Security Operations to improve incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks—ensuring security response stays effective in a high-availability trading environment.

Cross-functional influence

  1. Act as the “glue” across technical and business stakeholders—clarifying ownership, unblocking delivery, and keeping programs moving with crisp communication.
  2. Build lightweight, scalable processes that improve security consistency without slowing teams.

What success looks like (first 6–12 months)

  1. A clearly prioritized security program roadmap with measurable KPIs and predictable execution.
  2. Improved security readiness for key business areas, aligned with Keyrock’s activities (market making, OTC, options, treasury).
  3. Higher stakeholder confidence via clear reporting, risk transparency, and consistent program delivery.

Minimum qualifications

  1. 7+ years in security program management / technical program management / security operations program delivery.
  2. Demonstrated experience running cross-functional programs across engineering and operations (scope, schedule, risks, dependencies).
  3. Strong technical fluency in cloud/infra, identity/access, vulnerability management, security monitoring, and incident processes.
  4. Excellent written/verbal communication with the ability to translate complex risk into clear priorities.

Preferred qualifications

  1. Experience in fintech, trading, payments, or digital assets, especially environments requiring high uptime and rapid execution.
  2. Familiarity with security frameworks (NIST CSF, ISO 27001) and audit/assurance concepts.
  3. Experience supporting security programs that intersect with financial integrity domains (e.g., AML/CFT awareness is a plus given Keyrock’s financial-services context).
  4. Relevant certifications (e.g., CISM, CISSP, CISA, CRISC, PMP) or equivalent demonstrated expertise.

Skills
  • Leadership
  • Operations
  • Risk Analysis