Marqeta powers innovative payment solutions for many of the apps and services you enjoy daily. Our open API provides unprecedented flexibility and control for industry-leading companies such as Uber, Coinbase, J.P. Morgan, and Block to manage payment operations in real time.
Our team is a mix of industry experts and technology innovators who take a dynamic approach to solving challenging problems. Marqeta was named a 2022 Glassdoor Best Place to Work, highlighting our company culture and collaborative work environment. We are building a global team as diverse as the markets we serve and we’d love it if you joined us on our mission to change the way money moves.
We’re a remote-first company. You have the choice to work from wherever you’re happiest and most productive, whether that’s from home, a co-working space, or one of our four global offices, depending on your location. It’s uncommon for candidates to match all job requirements, but if you’re not far off, we want to hear from you.
The Senior Technical Compliance Analyst is responsible for driving implementation of security controls and maintaining our technical compliance program. This role will collaborate with cross-functional teams to assess internal control effectiveness, facilitate external audits, drive remediation of risks and articulate the Company’s compliance posture to our auditors, customers and partners. This position partners closely with our Security Engineering Team, Technology, Product, Internal Audit, Legal, Sales and Operations teams to monitor the controls required to meet key security standards and regulatory requirements, including PCI DSS, PCI 3DS, SOX, ISO 27001, GDPR and SSAE 18. This role reports to the Technical Compliance Manager.
What you'll do
- Maintain and implement a Common Controls Framework based on security and data protection standards (e.g. PCI, ISO, NIST, GDPR, etc.)
- Identify, document and map technology processes, systems and internal controls of applicable technology infrastructure and operational areas per the scope of audit projects
- Partner with Security and Control Owners across the organization to design and mature security controls
- Perform testing and monitoring including inquiry, observation, documentation gathering and other analysis to assess compliance with security and data protection policies and regulatory requirements
- Develop recommendations to remediate issues identified during assessments
- Foster strong cross-functional partnerships to drive remediation of findings and execution of security compliance objectives and goals
- Facilitate internal and external security and privacy audits
What we're looking for
- Master's or Bachelor's degree in Computer Science, Information Security, Information Technology or equivalent experience
- Minimum 4 years of industry experience in Information Security, IT Risk Management, IT Audit or Compliance
- Experience designing and integrating technical regulations and standards (e.g. PCI DSS, ISO 27001, SOC2, SOX, NIST, etc.) into new products and services
- Experience working with global privacy and data protection regulations is a plus (e.g. GDPR, CCPA)
- A strong bias toward action and the ability to operate effectively in a dynamic, fast-paced environment
- Excellent verbal and written communication skills including the ability to simplify key security messages and translate technical matters to non-technical audiences
- Positive attitude, team player, adaptable, resourceful, and self-starter who is able to work independently
- CISSP, CISM, CISA, CIPP preferred
Benefits and Perks
- Flexible time off – take what you need
- Retirement savings program with company contribution
- Employee insurance premiums paid 100% + coverage for dependents and pets
- Family forming benefits including fertility support and up to 20 weeks Parental Leave
- Free therapy sessions, financial coaching, and a Wellness stipend
- Monthly stipend to support our hybrid work model
- Equity in a publicly traded company
- Bi-annual “Hack Week” to support and reward innovation
Our Applicant and Candidate Privacy Notice applies to the personal data that you directly provide to us or that we collect during the application and candidate recruitment process.