Lightspark is the easiest, most reliable, enterprise-grade gateway to the Lightning Network, enabling money to move just like bits and bytes do on the Internet. Lightspark services aim to be the fastest, lowest cost, easiest and most reliable way to send and receive payments globally using Lightning. We want to deliver open payments for the Internet at scale and we’re laser-focused on solving real problems for our customers with best-in-class innovative software solutions. We aim to help businesses around the world benefit from real time payments and build amazing new experiences for themselves and their customers. Lightspark is headquartered in Los Angeles but serving the world.

At Lightspark, we are pioneering the future of payments by leveraging the Bitcoin network and diving deep into the capabilities of the Lightning Network. Our mission is to make money flow and unlock the global opportunity.

We are seeking a Security Compliance Lead to run and improve Lightspark’s technology security compliance program. This includes driving technical projects that enhance our compliance infrastructure. You will play a crucial role in identifying necessary security and compliance controls in the context of our quickly growing and evolving business and tech stack, building and deploying policies and governance, and working with our engineering department to implement best-in-class security practices and long-term security strategies.

This position requires strategic thinking, hands-on execution, and the ability to work effectively across multiple teams. The ideal candidate will have a proven track record in compliance and policy building and adhering to the highest security standards. An engineering background is a plus but by no means required.

WHAT YOU’LL BE DOING:

• Ensure adequate project management tracking and facilitate communication within the program, team and other stakeholders
• Collaborate with engineering, IT, and business owners to define program requirements, set priorities, and establish scope of policies and programs
• Manage interdependencies across operations & projects within the program to mitigate roadblocks to ensure critical project delivery on time
• Develop and maintain technical policies, standards, and guidelines aligned with organizational objectives and legal requirements, including compliance and audit planning
• Drive improvements to our SOC 2 program, including the addition of additional TSC and underlying design, implementation and operating effectiveness of controls
• Manage technical audits (e.g. code audits, security audits), SOC2 program, customer due diligence processes, and third party risk management program, liaising directly with external stakeholders, as well as manage the process of internally conducted reviews and audits of our programs, ensuring compliance with best in class security industry standards
• Program manage security related system implementations, third party and internal, for end to end delivery.
• Design and execute security training and awareness programs for the technical organizations as well as assist in the coordination and delivery of other company specific trainings
• Create process improvements within the team, using data and metrics tracking within team
• Startup Mentality: While the role is balanced on strategy, program management, and hands-on execution, you will be expected to act as an individual contributor when needed. We are a startup!

WHAT WE’RE LOOKING FOR:

• A minimum of 4 years of experience in security policy and compliance for technology.
• Knowledge of industry standards like ISO 27001, NIST, or OWASP is a plus
• Understanding of payment-related regulations such as PCI-DSS, PSD2, and other regional compliance requirements
• Preferred certifications: PMP, CISSP, CEH, or equivalent
• Experience being flexible and thrives in fast-paced changing problem spaces
• Excellent problem-solving, analytical, and communication skills

Lightspark is on a mission to build an open payment protocol for the Internet at scale and therefore we’re committed to creating a more inclusive and diverse workplace to reflect the customers we serve. We welcome interest from individuals of all backgrounds and levels of experience who share our mission. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other applicable legally protected characteristics.