Security Program Manager

About Oneleet: Oneleet is on a mission to revolutionize the industry. We make cybersecurity easy, effective, and painless through a comprehensive platform that helps companies build, manage, and monitor their cybersecurity programs. Backed by Y Combinator (S22) and top-tier VCs, our founding team brings over a decade of penetration testing and cybersecurity experience. Join our remote-first crew of opinionated rebels building a category-defining company to fix a broken, fragmented industry. Who we’re looking for: We value passionate self-starters with a growth mindset and a bias for action and personal accountability. If you love solving hard problems, thrive in ambiguity, and want to make a real impact, you’ll fit right in. We’re especially drawn to: • Rebels with a cause — frustrated with the status quo and eager to disrupt it. • Opinionated (but not obstinate) builders — decisive yet collaborative, who help us move fast. • Clear communicators — who own their ideas and follow through. Our mission is simple: make effective cybersecurity painless. We believe cybersecurity should empower, not burden. This belief unites our team and drives every decision we make. If you’re ready to challenge the status quo and help shape the future of cybersecurity, we’d love to meet you. The Security Program Manager is part vCISO & part account manager. You will work with our customers from the start to asses their current security/compliance framework, provide guidance and recommendations for improvements, and work with clients to implement recommendations. You're passionate about security, and enjoy sharing your knowledge with not only our customers but your colleagues. Key Responsibilities • Conduct initial consultation calls with new clients to assess their current security posture, infrastructure stack, compliance requirements and overall objectives. • Provide guidance and recommendations for improving client security posture • Develop high-level security programs consisting of technical, operational and administrative controls based on industry frameworks and client needs. • Collaborate with clients to customize and refine the security program to match their specific use cases. • Communicate with clients and stakeholders to ensure smooth and efficient security program creation • Liaise with auditors to ensure clients' security programs align with auditors' expectations • Maintain expertise across a range of security frameworks, control types, and technologies including NIST, SOC2, ISO27001, CMMC, AWS, Azure, GCP, Kubernetes, Docker, Terraform, and more. • Provide feedback to Oneleet's engineering team to inform development of integrations, solutions, and products that deliver on client needs. • Be highly technical, learn new technologies quickly, and translate security concepts into implementations. • Partner with internal teams to translate security programs into implementations consisting of policies, procedures, configurations and software integrations. Requirements • 3+ years in an information security role • Broad knowledge of security best practices, frameworks, control types, and relevant technologies. • Ability to understand client infrastructure and map security controls to meet compliance goals. • Strong analytical skills to evaluate environments and determine appropriate safeguards. • Excellent verbal and written communication skills. • Self-driven with the ability to work independently and move fast in a startup environment. • Willingness to go the extra mile to meet tight deadlines and deliver results. Why Oneleet? At Oneleet, you’ll join a tight-knit team of rebels redefining the cybersecurity industry. We move fast, own our work, and challenge outdated models to make security effortless and effective for companies. Here’s what makes us special: • We value impact over titles, autonomy over micromanagement, and clarity over jargon. • You’ll tackle meaningful, hard problems with real-world consequences. • You’ll work with smart, kind, and ambitious teammates who lift each other up. Perks & Benefits • Comprehensive health & welless benefits • Competitive comp & equity • Generous PTO, including floating holidays to honor what matters most to you • Flexible, remote work culture • Quarterly off-sites to cool places (Amsterdam, Italy, etc). Remote-First & Global Hiring We’re a remote-first company and hire globally in regions where we can legally engage talent—either directly or via our employer-of-record (PEO) partner. If you’re based outside the U.S., we’ll explore the most compliant hiring arrangement for your location. U.S. Hiring & E-Verify For U.S.-based candidates, Oneleet participates in E-Verify to confirm employment eligibility, in accordance with federal regulations. Apply tot his job