Security Compliance Lead
Lightspark
Legal
Culver City, CA, USA
Posted on Dec 25, 2024
The Internet lacks a protocol for money. Lightspark is building the tools and services to make it happen. Lightspark builds enterprise-ready infrastructure for open payments for the Internet at scale using the Lightning Network. An always-on, low-cost, universal payment network will completely transform how money is moved, enabling businesses and developers to transform existing solutions and build new financial systems, services, and processes accessible to everyone, transcending geographical restraints. Lightspark is headquartered in Los Angeles, California, but serves the world.
At Lightspark, we are pioneering the future of payments by leveraging the Bitcoin network and diving deep into the capabilities of the Lightning Network. Our mission is to make money flow and unlock the global opportunity.
We are seeking a Security Compliance Lead to run and improve Lightspark’s technology security compliance program. This includes driving technical projects that enhance our compliance infrastructure. You will play a crucial role in identifying necessary security and compliance controls in the context of our quickly growing and evolving business and tech stack, building and deploying policies and governance, and working with our engineering department to implement best-in-class security practices and long-term security strategies.
This position requires strategic thinking, hands-on execution, and the ability to work effectively across multiple teams. The ideal candidate will have a proven track record in compliance and policy building and adhering to the highest security standards. An engineering background is a plus but by no means required.
WHAT YOU’LL BE DOING:
- Ensure adequate project management tracking and facilitate communication among the program, team and other stakeholders
- Collaborate with engineering, IT, and business owners to define program requirements, set priorities, and establish scope of policies and programs
- Manage interdependencies across operations and projects within the program to mitigate roadblocks and ensure critical projects are delivered on time
- Develop and maintain technical policies, standards, and guidelines aligned with organizational objectives and legal requirements, including compliance and audit planning
- Drive improvements to our SOC 2 program, including the addition of further TSC and the underlying design, implementation and operating effectiveness of controls
- Manage technical audits (e.g. code audits, security audits), the SOC 2 program, customer due diligence processes, and the third-party risk management program, liaising directly with external stakeholders; also manage internally conducted reviews and audits of our programs, ensuring compliance with best-in-class security industry standards
- Program manage security-related system implementations, third-party and internal, for end-to-end delivery
- Design and execute security training and awareness programs for the technical organizations as well as assist in the coordination and delivery of other company specific trainings
- Create process improvements within the team, using data and metrics tracking
- Startup Mentality: While the role is balanced on strategy, program management, and hands-on execution, you will be expected to act as an individual contributor when needed. We are a startup!
- A minimum of 4 years of experience in security policy and compliance for technology.
- Knowledge of industry standards like ISO 27001, NIST, or OWASP is a plus
- Understanding of payment-related regulations such as PCI-DSS, PSD2, and other regional compliance requirements
- Preferred certifications: PMP, CISSP, CEH, or equivalent
- Flexible, with experience thriving in fast-paced, changing problem spaces
- Excellent problem-solving, analytical, and communication skills
We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the State of California Fair Chance Initiative for Hiring.
Compensation Range: $185K - $215K