Material Bank® · 14 hours ago
Sr. Program Manager, Information Security
Material Bank is the world’s largest material marketplace for the architecture and design industry. They are seeking a Program Manager, Information Security to lead and mature the company’s enterprise information security program, focusing on security governance, risk management, and compliance across their cloud-based platforms. The role involves establishing security policies, managing audits, and ensuring data protection while driving the overall security strategy aligned with business growth.
Architecture · Industrial Design · Interior Design · Marketplace · Retail
Responsibilities
Lead and mature Material Bank’s enterprise information security program through a multi-year roadmap aligned to business strategy, growth, and global expansion
Establish and maintain security policies, standards, and operating procedures that scale across cloud platforms, applications, data, and emerging technologies, including AI
Own the security risk management framework, including risk identification, scoring, acceptance, tracking, and executive reporting, supported by a maintained risk register and clear visibility into trends and remediation status
Define and track security metrics and KPIs that demonstrate program effectiveness, predictability, and maturity
Own audit, compliance, and assurance efforts, including SOC 2 Type I and progression to Type II, ensuring controls are implemented, evidence is maintained, and audits remain repeatable and low friction
Lead customer security questionnaires and enterprise assurance requests in partnership with Legal, IT, and Engineering
Support privacy and regulatory obligations, including GDPR, ROPA inventories, and regional data requirements
Define and enforce security requirements for AWS infrastructure using native cloud security services and guardrails
Establish application security standards across internal and customer-facing platforms, including secure SDLC practices, penetration testing, and remediation accountability
Conduct security assessments for new systems, architectures, and major platform changes
Own identity and access management strategy, including SSO, role-based access, provisioning, and periodic access reviews
Establish enterprise-wide data classification and data handling standards
Ensure access and data protection controls scale with growth and global expansion through partnership with IT, Engineering, and platform owners
Own detection, incident response, and resilience strategy, including playbooks, third-party incident response coordination, post-incident analysis, security monitoring, alerting, and continuous improvement
Support disaster recovery and business continuity planning from a security perspective, including tabletop exercises and recovery documentation
Own the security technology stack, including endpoint protection, vulnerability management, monitoring, and security awareness tooling
Evaluate, select, and manage security vendors for effectiveness and cost efficiency
Directly implement and remediate security controls, configurations, and tooling gaps when risk, timing, or dependency constraints require hands-on execution
Leverage automation and AI-assisted workflows to operate efficiently as a one-person function
Determine when remediation should be executed directly versus driven through Engineering, IT, or Infrastructure, and ensure closure in all cases
Perform vendor security reviews, ongoing third-party risk monitoring, remediation tracking, and executive risk acceptance
Support security due diligence for acquisitions, integrations, and major partnerships when applicable
Qualifications
Required
8+ years of experience in information security, security engineering, or security program leadership
Direct ownership of SOC 2 or comparable assurance frameworks, including implementation, remediation, and sustained operation
Strong working knowledge of AWS cloud security, identity and access management, application security, and incident response
Demonstrated ability to operate independently with high accountability and limited resources
Proven ability to define strategy while executing hands-on remediation when needed
Strong judgment in prioritizing risk and making pragmatic tradeoffs aligned to business needs
Ability to communicate security risk clearly to both technical and non-technical stakeholders
Experience building security programs that scale globally without requiring a traditional security organization
Benefits
Flexible PTO
Sick Days
Paid National Holidays
Health Benefits
401(k) eligible after your first 90 days employed!
Giving Back
Flexible Work Schedules
Company
Material Bank®
Material Bank is the fastest and most powerful way to search and sustainably sample design materials.
H1B Sponsorship
Material Bank® has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships: 2024 (1)
Funding
Current Stage: Late Stage
Total Funding: $323.2M
Key Investors: Brookfield Growth, FJ Labs, Durable Capital Partners, General Catalyst
2022-05-05 · Series D · $175M
2021-10-21 · Secondary Market
2021-05-06 · Series C · $100M
Recent News
General Catalyst · 2026-01-13
Google Patent · 2025-05-04
Company data provided by Crunchbase