Manager, Vulnerability & Attack Surface Management

DescriptionWho we are: MoneyGram is a customer-centric, digital-first, cross-border money movement network. Through our strong culture of fintech innovation, we’re transforming the way consumers and businesses send and receive money in nearly every country around the world.  Thanks to our cutting-edge platform and strategic partnerships with some of the world’s leading brands, we are helping our millions of customers globally do more with their money through a comprehensive suite of digital and in-person products and services. This is all made possible by our dedicated and diverse team of professionals around the world. If you’re ready for a career journey filled with exciting opportunities, come aboard and let’s drive the future of payments together at MoneyGram! The Numbers: We serve over 50 million people every year in over 200 countries and territories  We're a global team of over 2,000 from 36 countries around the world  We process over $200 billion annually with digital transactions now making up about 50% of our money transfer businessWe’re known for our strong culture globally, demonstrated by:  “Top Workplaces USA” award winner (three consecutive years in a row!) One of the “Best Places to Work” in the Middle East Winner of many regional awards, such as “Friendly Workplace in Poland” and “Top Workplace in DFW” by The Dallas Morning NewsWhat you will contribute:The Manager, Information Security leads information security initiatives for the Company. As the Manager of Information Security, you will be at the forefront of safeguarding MoneyGram’s systems and data. Your primary responsibility will be to lead a team in ensuring the integrity, confidentiality, and availability of our systems and data through proactive vulnerability management, robust application security practices, and efficient detection of security threats. You will play a pivotal role in enhancing our security posture by managing third-party penetration testing activities and ensuring the timely remediation of any findings.  What you’ll do:Lead a vulnerability management program that ensures vulnerabilities are detected, assessed for severity, and remediated in accordance with Company policies.Lead efforts to ensure application security is effectively incorporated into the SDLC.  Drive efforts to incorporate threat intelligence into all information security processes, with a bias towards actionable intelligence.Partner with engineering teams to ensure that secure coding practices are implemented in accordance with application security standards. Conduct regular security assessments of applications to identify vulnerabilities and work with development teams to address findings.Manage engagements with third-party penetration testing vendors to assess the security posture of MoneyGram infrastructure and applications. Collaborate with security architects to ensure MoneyGram systems align with company information security policies and standards.Keep abreast of new and evolving security threats to ensure the Company remains adequately protected.Consults with business partners on security matters to ensure security efforts are aligned across the enterprise.Responds to regulatory and audit requests to support compliance initiatives.Performs other duties as assigned.What we’re looking for:8+ years' Information Security experience.2+ years' experience managing direct reports; includes employee selection, motivation, coaching, and providing timely defensible constructive feedback.Proven experience in information security domains of vulnerability management and application security.Knowledge of common security frameworks (NIST CSF, ISO) and regulatory requirements (PCI, GDPR, DORA)Technical expertise in application security tools and functions, including dynamic application security testing (DAST) and static application security testing (SAST)Hands-on experience with industry-leading vulnerability management tools such as Qualys, Nessus, or Rapid7, including configuration, tuning, and reporting.Deep understanding of common web application vulnerabilities (e.g., OWASP Top 10) and techniques for mitigating them.Familiarity with cloud security principles and best practices, particularly in assessing and securing cloud-based applications and infrastructure (e.g., AWS, Azure, GCP).Bachelor’s degree in computer science, Information Security or a related field; or equivalent experience.  Certified Information System Security Professional (CISSP), CISA, CISM or equivalent certifications desired.  Why you will love working here: Your future is in your hands.  When you start a career at MoneyGram, you join a talented and motivated team that builds the success of a trusted, global provider of innovative money transfer and payment services. Here are some reasons it is so easy to love your career with us! Flexible Remote First FlexibilityGenerous PTO13 Paid Holidays  Medical / Dental / Vision InsuranceLife, Disability and other benefits401K with competitive Employer MatchCommunity Service DaysGenerous parental leave Salary:Anticipated Base Pay: $150K - $175K + participation in our annual bonus plan. Disclaimer:  The salary/pay rate listed is a good faith determination that may be offered to a successful applicant for this position at the time of this job advertisement based on company hiring process and budget for this role and may be modified in the future. Actual compensation may vary from posting based on geographic location, work experience, education and/or skill level. #LI-REMOTEQualificationsJob Field: Information SecurityOrganization: Information TechnologySchedule: Full-timeTravel: Yes, 15 % of the Time