Sr. Security Program Manager
As a Sr. Security Program Manager on the Information Security team, you will contribute significantly to the scaling and optimization of our security program, helping proactively mitigate information risks. You will support the implementation of a comprehensive, 'security-by-design' operational model across the organization.
This role requires a blend of strategic planning, hands-on project execution, and strong security expertise. You will be an important link across business units, ensuring security standards are met and assisting in customer diligence activities to reinforce EDB’s security and compliance posture.
What your impact will be:
Contribute to the scaling and refinement of EDB's control framework and associated policies and procedures to support business growth and reduce inherent information risks.
Support the integration of new security frameworks, including ISO 27001 and ISO 42001.
Assist in the annual planning process for Information Security initiatives, ensuring alignment with business objectives and demonstrating the program's value-add.
Help develop and implement a metrics-based program to measure the performance, efficiency, and effectiveness of EDB’s information security initiatives.
Collaborate with Product Management and Engineering teams to embed security-by-design principles into the development lifecycle and delivery process.
Establish essential working relationships with engineering leadership, product management, and executive management.
Educate and consult with control owners on effective control environments and appropriate audit evidence.
Translate complex security frameworks into actionable control designs and support implementation.
Coordinate and support internal teams during third-party auditor engagements.
Manage the process for security control exception lifecycle, managing the request, approval, and time bound remediation of approved control deviations.
Assist in the overall optimization of the sales process from contract review to security diligence.
Contribute to customer security diligence efforts, managing questionnaires and requests while continuously improving the efficiency and effectiveness of the response process.
Guide team members on priority tasks and project execution, as needed.
What You Will Bring:
Proven experience in information security and compliance, including project management.
Strong experience with auditing security objectives of SOC2, HIPAA, FedRAMP (800-53), NIST, and ISO 27001.
Ability to navigate compliance controls and cloud security best practices.
Proven project management skills, with the ability to manage multiple projects simultaneously.
Excellent communication skills to keep internal and external stakeholders aligned.
Drive, a proactive attitude, and thorough attention to detail.
What Will Give You an Edge:
Certifications: Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP), or other technical certifications.
Project Management certification (e.g., PMP).
Experience with Hyperproof GRC Platform and Atlassian Suite.
About the job
Apply for this position
Sr. Security Program Manager
As a Sr. Security Program Manager on the Information Security team, you will contribute significantly to the scaling and optimization of our security program, helping proactively mitigate information risks. You will support the implementation of a comprehensive, 'security-by-design' operational model across the organization.
This role requires a blend of strategic planning, hands-on project execution, and strong security expertise. You will be an important link across business units, ensuring security standards are met and assisting in customer diligence activities to reinforce EDB’s security and compliance posture.
What your impact will be:
Contribute to the scaling and refinement of EDB's control framework and associated policies and procedures to support business growth and reduce inherent information risks.
Support the integration of new security frameworks, including ISO 27001 and ISO 42001.
Assist in the annual planning process for Information Security initiatives, ensuring alignment with business objectives and demonstrating the program's value-add.
Help develop and implement a metrics-based program to measure the performance, efficiency, and effectiveness of EDB’s information security initiatives.
Collaborate with Product Management and Engineering teams to embed security-by-design principles into the development lifecycle and delivery process.
Establish essential working relationships with engineering leadership, product management, and executive management.
Educate and consult with control owners on effective control environments and appropriate audit evidence.
Translate complex security frameworks into actionable control designs and support implementation.
Coordinate and support internal teams during third-party auditor engagements.
Manage the process for security control exception lifecycle, managing the request, approval, and time bound remediation of approved control deviations.
Assist in the overall optimization of the sales process from contract review to security diligence.
Contribute to customer security diligence efforts, managing questionnaires and requests while continuously improving the efficiency and effectiveness of the response process.
Guide team members on priority tasks and project execution, as needed.
What You Will Bring:
Proven experience in information security and compliance, including project management.
Strong experience with auditing security objectives of SOC2, HIPAA, FedRAMP (800-53), NIST, and ISO 27001.
Ability to navigate compliance controls and cloud security best practices.
Proven project management skills, with the ability to manage multiple projects simultaneously.
Excellent communication skills to keep internal and external stakeholders aligned.
Drive, a proactive attitude, and thorough attention to detail.
What Will Give You an Edge:
Certifications: Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP), or other technical certifications.
Project Management certification (e.g., PMP).
Experience with Hyperproof GRC Platform and Atlassian Suite.