Cybesecurity Architect

Spreedly is the world's leading Open Payments Platform. Founded in 2007 and headquartered in Durham, NC, the company gives mid-market and enterprise businesses the infrastructure to connect to any payment gateway, processor, or fraud tool through a single API. The platform is vendor-agnostic by design, meaning customers are never locked into a single provider and never need to rebuild their payments stack to access new capabilities.

Spreedly provides an open payments platform. The platform’s connectivity provides payments performance. Key products and services include:

Connect — A unified API that integrates with hundreds of payment gateways, processors, and alternative payment methods worldwide, including digital wallets. Merchants access the global payments ecosystem through one connection.
Vault — A PCI-compliant secure repository for payment methods. Merchants store card data once and reuse it across any payment service, reducing PCI scope and protecting cardholder data at scale.
Optimize — Workflow-driven routing and retry logic that directs each transaction to the best-performing gateway in real time. On average, 7.9% of failed transactions succeed immediately when retried on a secondary gateway. This is where merchants recover lost revenue and increase authorization success rates.
Protect — A flexible fraud and authentication layer, incorporating advanced fraud tools and 3DS. Following Spreedly's acquisition of Dodgeball in September 2025, fraud orchestration and payment optimization now operate within the same platform.
Resolve — Centralized management and reporting that reduces operational silos, strengthens security, and improves billing control across a merchant's entire payment operation.

We describe our team as "Spreedlings": diverse, forward-thinking, and driven by a shared belief that a more open payments ecosystem benefits everyone. The company operates with a culture built on transparency, courageous collaboration, and self-driven leadership. The team values simplicity in both product and process, and approaches problem-solving with genuine curiosity.

As a Cybersecurity Architect at Spreedly, you will be a key leader in the Information Security Team, responsible for designing, building, and maintaining the security architecture that protects our systems, networks, and data against evolving cyber threats. In this senior role, you will provide technical security leadership and influence strategic initiatives to ensure the confidentiality, integrity, and availability of Spreedly’s data, particularly within our open payments platform. You will work closely with other engineering and product teams to intentionally integrate security controls into future product offerings and to align security strategies with business and technology goals.

The ideal candidate will possess expertise within the payments or financial services, demonstrating a sophisticated understanding of high-volume transaction processing, payment orchestration, and the unique security risks associated with global financial data flows. This includes a proven track record of architecting secure, low-latency solutions that maintain rigorous compliance with PCI DSS and international financial regulations while enabling seamless, API-driven innovation.

Security Architecture & Design: Design, build, and implement robust security architectures for all Engineering projects and systems, including future products that incorporate AI/ML technology.

Security Architecture Roadmap: Lead, maintain, and drive the multi-year security architecture roadmap, ensuring it remains dynamic and aligned with business objectives, product innovation, and the evolving threat landscape.

Emerging Tech Governance: Develop secure frameworks for AI/ML deployments and manage the long-term transition to Post-Quantum Cryptography (PQC) standards.

Product Security Strategy: Partner with product and engineering leaders to define the overarching product security strategy, ensuring security is a core enabler of product innovation and high-scale payment orchestration.

Global Expansion Expertise: Serve as the lead security advisor for international market expansion, ensuring architecture aligns with regional data residency requirements, localized payment regulations, and international standards.

Compliance & Policy: Recommend updates to corporate security policies to ensure controls grow with the business, specifically targeting compliance with PCI DSS,  ISO-27001, ISO-27701, ISO-42001, and emergent payment security regulations across global markets.

Security Leadership: Provide technical guidance for Engineering teams and lead security-related cross-functional and business-driven projects.

Continuous Improvement: Stay updated on the latest security trends, threat intelligence, and attack vectors to continuously improve the security posture.

10+ years of experience in cybersecurity, with a focus on designing, planning, and integrating enterprise-class security systems.

Proven experience in architecting security for emerging technologies, including AI/ML and advanced cryptographic systems.

Deep expertise in IT security architecture, cloud security (AWS, Azure, Google Cloud), and network security.

Experience with threat modeling, vulnerability testing, and security assessments in a high-growth environment.

Strong understanding of security frameworks and compliance standards such as PCI DSS, SOC 2, ISO 27001, ISO 27701, and ISO 42001.

Proficiency in programming and scripting languages (e.g., Python, Ruby, JavaScript).

Exceptional communication and leadership skills, with the ability to convey complex security concepts to both technical and non-technical audiences, including executives.

Expertise in designing scalable security solutions, including uplifting API security and authentication, while securing global data flows.

A proactive and inquisitive mindset, with the ability to think like a malicious hacker to anticipate risks.

Ability to operate autonomously in a fast-paced environment, prioritizing needs from a variety of stakeholders across different global regions.