Director, Governance, Risk & Compliance

As Marqeta's Director of Cybersecurity Governance, Risk and Compliance you will lead the strategic development and operational execution of Marqeta's cybersecurity governance framework, risk management programs, and compliance initiatives. This role is responsible for establishing comprehensive policies, standards, and controls while ensuring alignment with regulatory requirements and business objectives. The position serves as a key liaison between cybersecurity, business units, and external stakeholders to maintain Marqeta's security posture and customer trust. This role reports to the Chief Information Security Officer.

We work Flexible First. This role can be performed remotely in the United States, only in one of our Premium or National locations, which you can review here.

• Governance & Policy Management
• Develop, implement, and maintain cybersecurity policies, standards, and control frameworks aligned with industry regulations and business objectives
• Establish and operate cybersecurity governance models, steering committees, and approval processes
• Maintain unified control inventory and oversee validation activities with internal and external assessors
• Risk Management
• Design and execute comprehensive cybersecurity risk assessment frameworks and methodologies
• Manage risk treatment plans, remediation tracking, and escalation processes in alignment with enterprise risk management
• Provide risk advisory services and integrate findings into strategic cybersecurity planning
• Compliance & Audit Support
• Lead compliance readiness assessments and coordinate audit activities across multiple frameworks (PCI DSS, SOC 2, ISO 27001, etc.)
• Manage audit findings remediation and maintain compliance reporting for internal and external stakeholders
• Support legal and contract negotiations regarding cybersecurity requirements
• Third-Party & Customer Trust
• Oversee third-party cybersecurity risk assessments and vendor management processes
• Lead customer due diligence, security questionnaire responses, and Trust Center operations
• Support sales enablement through security documentation and customer audit facilitation

• Proven experience (6+ years) in a security leadership role with deep expertise in cybersecurity governance, risk management, and compliance
• Proven experience with regulatory frameworks (PCI DSS, SOC 2, ISO 27001, NIST, SOX)
• Experience in financial services, fintech, or highly regulated industries
• Demonstrated success in audit management and customer-facing security assessments
• Strong analytical and problem-solving capabilities with attention to detail
• Excellent written and verbal communication skills for technical and executive audiences
• Experience with GRC tools (OneTrust, ServiceNow, or similar platforms)
• Strong business acumen and ability to align security initiatives with business objectives
• Track record of cultivating relationships across teams, influencing decision making, and collaborating with stakeholders at all levels of the organization
• Proven ability to develop structure, advance execution, and measure performance within various and complex projects, teams, and environment
• Proactive and strategic mindset, with the ability to anticipate business needs of the cybersecurity organization and stakeholders
• A strong bias toward action and ability to operate proactively and effectively in a dynamic, fast-paced environment
• High ethical standards and a commitment to promoting a strong security culture
• One or more industry certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent

• Bachelor's or Master's degree in Computer Science, Information Security, or related field
• Experience with cloud security frameworks and third-party risk management
• Knowledge of M&A cybersecurity due diligence processes
• Experience in customer trust and sales enablement functions

• Heather Gantt-Evans

• Kayla Osuna

• Application submission
• Recruiter phone call
• Hiring manager video call
• Virtual “Onsite” (Round 1) consisting of 4-5, 45 min interviews
• Virtual “Onsite” (Round 2 - Post down selection) 3 - 45 minute interviews (2) E-Team + (1) BOD Member
• Offer!