Jobs · Information Technology · Washington

Staff Technical Program Manager - Security & Compliance Programs

LVT (LiveView Technologies) · Seattle, WA · 1 wk ago
On-siteInformation Technology$159k–$214k/yrFull-time

About the role

LVT is pursuing government and enterprise markets that demand rigorous security and compliance posture—including FedRAMP authorization, NIST 800-53 alignment, and continuous monitoring at scale. This role is the execution engine for those programs.

Responsibilities

  • Security & Compliance Program Ownership - Own end-to-end program execution for LVT’s FedRAMP authorization effort and related regulatory initiatives (NIST 800-53, SOC 2, CJIS, or equivalent), from readiness assessment through Authorization to Operate (ATO).
  • Translate regulatory control frameworks (e.g., NIST 800-53 control families) into actionable engineering backlogs, implementation roadmaps, milestone schedules, and measurable exit criteria.
  • Maintain integrated program plans, risk registers, RAID logs, and dependency maps that reflect real-time program health across multiple workstreams.
  • Coordinate and improve the end-to-end evidence lifecycle—collection, validation, freshness, and repeatability—partnering with engineering to scale compliance automation and reduce manual burden over time.
  • Drive cross-team delivery of control implementations, remediation plans, and release sequencing across Cloud Engineering, Security Engineering, DevOps, and Product teams.
  • Cross-Functional Execution & Stakeholder Management - Serve as the primary execution liaison between Engineering teams and compliance stakeholders (internal audit, external 3PAO assessors, and government agency reviewers), ensuring work is audit-ready and documentation is operationally durable.
  • Proactively identify and surface technical dependencies, program risks, and cross-team blockers; drive mitigation strategies before they impact delivery timelines or compliance windows.
  • Coordinate integration between security/compliance work and LVT’s broader product and infrastructure roadmaps—ensuring compliance is embedded in delivery rather than bolted on.
  • Partner with external vendors, 3PAO assessors (e.g., Schellman or equivalent), cloud boundary/ATO providers, and government stakeholders to manage assessment readiness and evidence submission cycles.
  • Operational Rigor & Reporting - Design and maintain lightweight but effective reporting cadences that give executive stakeholders real-time visibility into program health, compliance milestone status, and risk posture—without creating theater.
  • Build and maintain program dashboards, status reporting artifacts, and board-level summaries that communicate compliance trajectory, open risks, and remediation velocity in plain language.
  • Establish repeatable processes and tooling for evidence collection, continuous monitoring readiness, and audit cycle preparation that reduce per-cycle effort as the program matures.
  • Champion a data-driven culture within the security and infrastructure programs—using metrics on control implementation velocity, open findings aging, and remediation SLA adherence to drive accountability.
  • Technical Program Management Craft - Engage credibly with engineering leads on architecture decisions related to cloud infrastructure, identity and access management, vulnerability management, CI/CD controls, observability, and incident response—understanding enough to ask the right questions and sequence the right work.
  • Apply modern delivery practices (Agile, iterative milestone planning) to compliance program execution; adapt cadences as the program shifts from readiness to authorization to continuous monitoring.
  • Identify and close gaps between LVT’s residual application-layer controls, IoT/edge telemetry boundary scoping, and continuous monitoring readiness as relevant to the authorization boundary.
  • Contribute to the broader TPM function’s operational frameworks, delivery playbooks, and cross-program dependency management as LVT’s TPM practice scales.

Requirements

  • 8+ years of experience in Technical Program Management or a related engineering execution role.
  • 4+ years of hands-on experience leading security, compliance, or infrastructure-focused technical programs—with direct ownership of at least one significant compliance initiative (FedRAMP, NIST 800-53, SOC 2) from planning through completion or authorization.
  • Demonstrated ability to translate regulatory control frameworks into engineering roadmaps, backlogs, and actionable milestones with clear exit criteria.
  • Experience managing cross-functional programs across distributed engineering teams (cloud, security, DevOps/infrastructure) without direct authority—influencing through credibility, clarity, and relationship.
  • Strong familiarity with modern cloud infrastructure delivery: infrastructure-as-code, CI/CD pipelines, identity and access management, vulnerability management, SIEM/CSPM tooling, observability platforms, and incident response processes.
  • Experience coordinating with external compliance assessors (3PAOs, auditors, agency liaisons) and managing evidence lifecycle and submission readiness.
  • Proven track record of building lightweight but durable operational processes that improve compliance delivery velocity without adding bureaucratic drag.
  • Exceptional written and verbal communication skills—ability to translate technical control status into crisp executive narratives and to write clear, unambiguous program documentation suitable for audit review.
  • Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related technical field; equivalent practical experience accepted.

Qualifications

  • Direct experience with FedRAMP authorization pathways, including system security plan (SSP) development, and ATO milestone management.
  • Familiarity with compliance automation and evidence tooling: policy-as-code, automated control validation in CI/CD, CSPM outputs, and continuous monitoring dashboards.
  • Experience working in IoT, edge computing, or physical security product environments where the authorization boundary includes both cloud and edge/device components.
  • Background in or direct exposure to SaaS platform delivery, firmware/embedded programs, or AI/ML systems that require security integration into delivery pipelines.
  • Experience engaging with government procurement, agency authorization bodies, or contract manufacturing in regulated contexts.

Similar jobs