Staff Technical Program Manager - Security & Compliance Programs
LVT (LiveView Technologies) · Seattle, WA · 1 wk ago
On-siteInformation Technology$159k–$214k/yrFull-time
About the role
LVT is pursuing government and enterprise markets that demand rigorous security and compliance posture—including FedRAMP authorization, NIST 800-53 alignment, and continuous monitoring at scale. This role is the execution engine for those programs.
Responsibilities
- Security & Compliance Program Ownership - Own end-to-end program execution for LVT’s FedRAMP authorization effort and related regulatory initiatives (NIST 800-53, SOC 2, CJIS, or equivalent), from readiness assessment through Authorization to Operate (ATO).
- Translate regulatory control frameworks (e.g., NIST 800-53 control families) into actionable engineering backlogs, implementation roadmaps, milestone schedules, and measurable exit criteria.
- Maintain integrated program plans, risk registers, RAID logs, and dependency maps that reflect real-time program health across multiple workstreams.
- Coordinate and improve the end-to-end evidence lifecycle—collection, validation, freshness, and repeatability—partnering with engineering to scale compliance automation and reduce manual burden over time.
- Drive cross-team delivery of control implementations, remediation plans, and release sequencing across Cloud Engineering, Security Engineering, DevOps, and Product teams.
- Cross-Functional Execution & Stakeholder Management - Serve as the primary execution liaison between Engineering teams and compliance stakeholders (internal audit, external 3PAO assessors, and government agency reviewers), ensuring work is audit-ready and documentation is operationally durable.
- Proactively identify and surface technical dependencies, program risks, and cross-team blockers; drive mitigation strategies before they impact delivery timelines or compliance windows.
- Coordinate integration between security/compliance work and LVT’s broader product and infrastructure roadmaps—ensuring compliance is embedded in delivery rather than bolted on.
- Partner with external vendors, 3PAO assessors (e.g., Schellman or equivalent), cloud boundary/ATO providers, and government stakeholders to manage assessment readiness and evidence submission cycles.
- Operational Rigor & Reporting - Design and maintain lightweight but effective reporting cadences that give executive stakeholders real-time visibility into program health, compliance milestone status, and risk posture—without creating theater.
- Build and maintain program dashboards, status reporting artifacts, and board-level summaries that communicate compliance trajectory, open risks, and remediation velocity in plain language.
- Establish repeatable processes and tooling for evidence collection, continuous monitoring readiness, and audit cycle preparation that reduce per-cycle effort as the program matures.
- Champion a data-driven culture within the security and infrastructure programs—using metrics on control implementation velocity, open findings aging, and remediation SLA adherence to drive accountability.
- Technical Program Management Craft - Engage credibly with engineering leads on architecture decisions related to cloud infrastructure, identity and access management, vulnerability management, CI/CD controls, observability, and incident response—understanding enough to ask the right questions and sequence the right work.
- Apply modern delivery practices (Agile, iterative milestone planning) to compliance program execution; adapt cadences as the program shifts from readiness to authorization to continuous monitoring.
- Identify and close gaps between LVT’s residual application-layer controls, IoT/edge telemetry boundary scoping, and continuous monitoring readiness as relevant to the authorization boundary.
- Contribute to the broader TPM function’s operational frameworks, delivery playbooks, and cross-program dependency management as LVT’s TPM practice scales.
Requirements
- 8+ years of experience in Technical Program Management or a related engineering execution role.
- 4+ years of hands-on experience leading security, compliance, or infrastructure-focused technical programs—with direct ownership of at least one significant compliance initiative (FedRAMP, NIST 800-53, SOC 2) from planning through completion or authorization.
- Demonstrated ability to translate regulatory control frameworks into engineering roadmaps, backlogs, and actionable milestones with clear exit criteria.
- Experience managing cross-functional programs across distributed engineering teams (cloud, security, DevOps/infrastructure) without direct authority—influencing through credibility, clarity, and relationship.
- Strong familiarity with modern cloud infrastructure delivery: infrastructure-as-code, CI/CD pipelines, identity and access management, vulnerability management, SIEM/CSPM tooling, observability platforms, and incident response processes.
- Experience coordinating with external compliance assessors (3PAOs, auditors, agency liaisons) and managing evidence lifecycle and submission readiness.
- Proven track record of building lightweight but durable operational processes that improve compliance delivery velocity without adding bureaucratic drag.
- Exceptional written and verbal communication skills—ability to translate technical control status into crisp executive narratives and to write clear, unambiguous program documentation suitable for audit review.
- Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related technical field; equivalent practical experience accepted.
Qualifications
- Direct experience with FedRAMP authorization pathways, including system security plan (SSP) development, and ATO milestone management.
- Familiarity with compliance automation and evidence tooling: policy-as-code, automated control validation in CI/CD, CSPM outputs, and continuous monitoring dashboards.
- Experience working in IoT, edge computing, or physical security product environments where the authorization boundary includes both cloud and edge/device components.
- Background in or direct exposure to SaaS platform delivery, firmware/embedded programs, or AI/ML systems that require security integration into delivery pipelines.
- Experience engaging with government procurement, agency authorization bodies, or contract manufacturing in regulated contexts.