Keyrock is hiring a Senior Security Program Manager

Responsibilities

• Manage a collection of security programs, including planning, resource allocation, milestones, dependencies, risk/issue management, and outcomes.
• Develop and maintain multi-quarter roadmaps that align with the firm's business and operational models across various venues and services, including centralized and decentralized exchanges and liquidity services.
• Set up governance and operational cadence, including steering meetings, status reports, program reviews, and executive updates.
• Assist the Chief Information Security Officer in executing firmwide security initiatives.
• Work with Security and Engineering teams to advance key initiatives, such as access governance, secrets management, vulnerability remediation, security logging/monitoring enhancements, endpoint security, baseline security, and secure software development lifecycle (SDLC) enablement.
• Improve control coverage and evidence for internal and external assurance requirements, particularly in a financial services context.
• Collaborate with the Director of Governance, Risk, and Compliance (GRC) to support GRC and audit initiatives.
• Partner with Security Operations to enhance incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks, ensuring effective security response in a high-availability trading environment.
• Act as a liaison between technical and business stakeholders, clarifying responsibilities, removing obstacles, and maintaining program momentum through clear communication.
• Create lightweight, scalable processes that enhance security consistency without impeding team productivity.

Work Arrangement

Hybrid

Team

The team consists of over 200 members from 42 different nationalities, with backgrounds ranging from DeFi experts to PhDs.

Responsibilities

• Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
• Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
• Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
• Support the CISO in delivering firmwide initiatives.
• Partner with Security and Engineering teams to drive key initiatives such as: access governance, secrets management, vulnerability remediation, security logging/monitoring improvements, endpoint/security baseline, and secure SDLC enablement.
• Help mature control coverage and evidence for internal/external assurance needs (as applicable in a financial-services context).
• Partner with the Director of GRC to support GRC and audit initiatives.
• Partner with Security Operations to improve incident preparedness through playbooks, tabletop exercises, lessons learned, and operational runbooks—ensuring security response stays effective in a high-availability trading environment.
• Act as the “glue” across technical and business stakeholders—clarifying ownership, unblocking delivery, and keeping programs moving with crisp communication.
• Build lightweight, scalable processes that improve security consistency without slowing teams.