Senior Security Technical Program Manager
Job Description
As a Sr Security Technical Program Manager, you will play a critical role in safeguarding our products and services through effective vulnerability management, incident response, bug bounty, security/privacy metrics tracking, and partnerships with engineering teams. You will use your technical security knowledge to successfully drive programs and earn trust from engineers. Reporting directly to the Chief Information Security Officer, you will lead, drive, and monitor programs and initiatives to empower our engineering teams in building secure infrastructure at scale. You will be expected to innovate and improve in the space.
Responsibilities
Vulnerability Management Program: Take ownership of the vulnerability management program across all products and services. Identify, prioritize, and address vulnerabilities effectively to bolster our security measures.
Incident Response Process: Lead and manage the incident response process, engaging with teams, customers, and leadership. Ensure efficient and clear communications during incidents.
Bug Bounty Management: Collaborating with external security researchers to efficiently assess and categorize vulnerabilities, accurately gauge their impact, and uphold service level agreements (SLAs) during the engagement.
Security/Privacy Metrics and Reporting: Develop and track key security and privacy metrics company-wide. Use data-driven insights to continuously improve our security practices. Provide regular reports on security metrics, incidents, and the overall security posture to executive leadership and stakeholders.
Collaboration and Partnership: Work closely with software development and operations teams, enabling them to implement security and privacy initiatives seamlessly.
Secure and Privacy-Minded Solution: Collaborate with machine learning, search, product, infrastructure, data, and frontend teams to design elegant and secure solutions.
Risk Mitigation: Collaborate with all departments at Moveworks to understand business and technical risks, taking measures to reduce or mitigate them while enhancing our overall security and privacy posture.
Program Management: Efficiently manage complex and large-scale cross-team, cross-functional initiatives related to security and privacy.
Resource Management and Communication: Interface with engineering managers and engineers to estimate work efforts, define milestones, manage resources, and communicate progress to upper management and project stakeholders.
Obstacle Removal and Momentum: Proactively identify and remove obstacles, ensuring smooth progress. Handle issue escalations and support teams juggling competing priorities.
Results-Driven Approach: Demonstrate a proactive and results-oriented approach to achieve security objectives.
Job Requirements
- 7+ years of experience in the Security/Privacy space as a Technical Program Manager (or equivalent)
- Strong understanding of vulnerability exposure and effective prioritization methods
- Proficiency in engaging stakeholders to handle security/privacy incidents
- Experience in improving, reporting, and measuring security/privacy metrics across an organization
- Familiarity with conducting external penetration testing programs
- Expertise in cloud infrastructure such as AWS, GCP, and/or Azure
- Previous experience in environments with compliance requirements (SOC2, HIPAA, ISO27001, FedRAMP, etc.)
- BS+ in computer science or a related field, or equivalent relevant experience
- Excellent written and verbal communication skills
- Strong relationship-building skills to influence and motivate diverse job functions
- Exceptional organizational abilities to manage multiple competing priorities effectively
- Ability to make objective decisions based on understanding complex concepts
- Eagerness to delve into problems, drive alignment, and assist with execution through well-documented plans.
