Security Program Manager
San Francisco, CA 94107
The Security Program Manager is a multi-faceted role tasked with orchestrating the planning and execution of our client's Security & Compliance program. The role, reporting to the Head of Security and Compliance, is part of the team accountable for information security, compliance, and trust and safety.
As a senior contributor in the Security & Compliance team, the incumbent will be involved in multiple product, engineering, data, and other work streams, each employing a diverse set of technology solutions and operational processes. Successfully driving the security and compliance program forward will require the ability to work both within and across work streams and to draw upon both technical and organizational expertise. Along the way, the role will be involved in all aspects of the security and compliance program, from defining road maps to defining goals and requirements for individual initiatives, managing resources, dependencies, and impediments, and representing the security and compliance program both within the engineering team and the organization.
This is a great opportunity to drive security and compliance innovation throughout the entire organization and work with both cool and challenging technologies, processes, and people (the latter being just cool).
What you'll need to be successful:
- You have mastered, or are on your way to mastering, the ability to influence without direct control.
- Although you see the big picture, you recognize the importance of details and make sure t's are crossed and i's dotted.
- You have outstanding time management abilities and the (self) discipline to see through the (seemingly) myriad issues that come your way; moreover, you can help the rest of the security and compliance team build and master these abilities.
- You can establish credibility and build trust with engineers, product managers, and operational staff; you are confident, without being arrogant.
- You are a strong communicator who can participate in technical discussions and help drive technical decisions.
- Although you embrace, and thrive in, a fluid environment, you also see the benefits of structure and can find, more often than not, the right balance between agility and predictability.
- You have a non-dogmatic mindset, enjoy a discourse with someone who has an opposing view, and have what is called in Zen shoshin (a beginner's mind).
- You are passionate about learning new things.
- 5+ years practicing your Agile/iterative knowledge and skills, ideally in more than one form (e.g., Scrum, Kanban, Scrumban, Lean, etc.)
- You have had exposure, as a TPM or program manager, to the inner workings of at least two security and/or compliance programs; ideally, your previous security exposure included appsec, SOX/SOC compliance, security analytics, and threat intelligence.
- You have a good understanding of security concepts (e.g., threats, control areas, etc.), security technologies (e.g., authentication/SSO, SEM, etc.), and security/operational processes (e.g., incident & crisis management, SDLC, etc.).
- You are familiar with regulatory and industry compliance requirements and processes; you have successfully managed both internal compliance activities and external audits. Expertise with ITGCs (SOX-404) and/or SSAE-18/SOC-2 is desired, although not mandatory.
- You have demonstrated, more than once, the ability to drive to completion an initiative across the enterprise; ideally, such examples include a security initiative, such as zero trust, identity and access management (IAM), security awareness and training, etc. Moreover, you have done it while simultaneously seeing through a number of small(er) initiatives.