Staff Technical Program Manager - Compliance Architecture
Zscaler · United States · 5 days ago
RemoteRemoteProject Management$119k–$170k/yrFull-time
What you’ll do (Role Expectations)
- Define and maintain enterprise privacy baseline requirements, embedding them into the SDLC by translating regulatory and assurance expectations (e.g., NIST 800-53, FedRAMP/DoD IL5 privacy-relevant controls, and ISO 27701/ISO 42001) into measurable technical criteria and acceptance tests
- Establish standardized privacy-by-design patterns (data minimization, purpose limitation, retention/deletion, privacy-safe telemetry, access controls) and partner with Engineering/Compliance Engineering to automate validation and evidence collection through CI/CD guardrails and policy-as-code
- Conduct privacy architecture reviews and operational readiness assessments to identify data-handling risks (collection, use, sharing, storage, logging), and provide actionable remediation guidance aligned to engineering realities and delivery timelines
- Maintain authoritative data flow diagrams and processing narratives, ensuring data classifications, processing purposes, transfer points, trust boundaries, and retention expectations are current, consistent, and audit-ready
- Evaluate significant changes for impacts to data processing scope, trust boundaries, and authorization boundaries; drive cross-functional alignment across Engineering, Product, Security, and Legal/Privacy stakeholders and ensure decisions are documented for auditability
Who You Are (Success Profile)
- You thrive in ambiguity. You're comfortable building the path as you walk it. You thrive in a dynamic environment, seeing ambiguity not as a hindrance, but as the raw material to build something meaningful.
- You act like an owner. Your passion for the mission fuels your bias for action. You operate with integrity because you genuinely care about the outcome. True ownership involves leveraging dynamic range: the ability to navigate seamlessly between high-level strategy and hands-on execution.
- You are a problem-solver. You love running towards the challenges because you are laser-focused on finding the solution, knowing that solving the hard problems delivers the biggest impact.
- You are a high-trust collaborator. You are ambitious for the team, not just yourself. You embrace our challenge culture by giving and receiving ongoing feedback—knowing that candor delivered with clarity and respect is the truest form of teamwork and the fastest way to earn trust.
- You are a learner. You have a true growth mindset and are obsessed with your own development, actively seeking feedback to become a better partner and a stronger teammate. You love what you do and you do it with purpose.
What We’re Looking for (Minimum Qualifications)
- Foundational understanding of AI/ML technologies and experience leveraging, securing, or positioning AI-driven solutions to optimize outcomes within your functional domain
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field
- 5+ years of experience in compliance, security architecture, compliance engineering, or technical audit with a focus on translating control requirements into technical verification mechanisms
- Proven experience performing architecture reviews and gap analysis against FedRAMP High or DoD IL5 frameworks
- Proficiency in public cloud services (AWS, Azure, or GCP) paired with a strong track record of producing architecture diagrams, control narratives, and driving outcomes through engineering partnerships
What Will Make You Stand Out (Preferred Qualifications)
- Experience building automated data governance frameworks or compliance verification systems specifically tailored to generative AI applications and large language model (LLM) data trust boundaries
- Experience building automated control validation systems such as policy-as-code or CI/CD control gates
- Deep familiarity with identity and authorization architectures, trust boundaries, and professional compliance certifications such as CISSP, CISA, CCSP, or specialized cloud security credentials