Technical Program Manager
About the role
This role owns the program layer for CIS IG1, driving sustained compliance, expanding controls to the entire company, and building the foundation for future iterations. You will manage the annual external Penetration Test program and oversee the creation of the BCP program. You will also report on security posture and metrics to senior leadership.
Responsibilities
- Own the end-to-end CIS IG1 program: intake, evidence collection, SLA enforcement, and periodic review cycles across all 18 control families
- Expand CIS controls from local engineering teams to the entire company, and build the roadmap for IG2 and IG3
- Maintain the CIS Crosswalk Tracker as a living record of audit readiness and control status
- Translate technical controls into actionable Jira workflows and enforceable remediation SLAs
- Manage the annual external Penetration Test program and track remediation of findings to closure
- Design and operate a centralized intake process for security and infrastructure requests, ensuring engineers work only on vetted, prioritized work
- Standardize access-granting workflows for new hires, role changes, and tool requests—with full audit trails
- Enforce SLAs for vulnerability remediation, PR reviews, and ticket response; report compliance to leadership
- Serve as the primary interface between Engineering, Security, Legal, Finance, IT, and Procurement for security-related programs, vendor reviews, and audits
- Negotiate infrastructure and security work into team sprints; manage GIVE/GET dependency tracking with Engineering Directors
- Drive policy approvals and company-wide rollouts (e.g., Data Management, Secure Configuration, Access Control) from draft to operationalized and signed-off
- Operationalize recurring compliance work: quarterly access reviews, monthly vulnerability triage, bi-annual asset inventory updates, annual vendor reassessments, and tabletop BCP exercises
- Build and maintain dashboards and automated evidence pipelines to reduce manual compliance chores
- Report security posture, key metrics, and a "Security Score" to senior leadership in clear, business-readable terms
- Lead the BCP program: standardize templates, schedule tabletop exercises, document results, and drive remediation into engineering sprints
- Incident & Vulnerability Program Management: scale vulnerability management from local triage to a company-wide SLA-driven program using Wiz, HackerOne, and Jira
- Own the SLA—chasing teams to close critical findings within 7 days and reporting Days-to-Patch to leadership
- Manage the phishing response playbook and incident post-mortem process; ensure P0/P1 action items land in sprint
Requirements
Required Experience:
- 3+ years of technical program management in an infrastructure, security, SRE, or compliance environment
- Demonstrated ability to translate security controls (e.g., CIS, SOC2) into actionable Jira workflows, SLAs, and repeatable operational processes
- Proven track record driving company-wide, cross-departmental initiatives through to completion—including securing stakeholder sign-offs and managing organizational resistance
- Experience operationalizing run-the-business processes: access reviews, vulnerability remediation tracking, audit evidence collection, and periodic compliance reviews
- Sufficient technical depth in cloud infrastructure, SRE, and infosec to coordinate credibly with engineers and translate findings for non-technical leaders
- Strong executive communication skills—able to synthesize technical risk into a business-readable security score and status report
- End-to-end program ownership: from intake governance and dependency tracking through leadership reporting
Qualifications
Required Qualifications:
- Familiarity with CIS Controls v8.1 and the IG1/IG2/IG3 framework
- Hands-on exposure to tools in our stack: Wiz, HackerOne, CrowdStrike, Datadog, Okta, JAMF, or KnowBe4
- Experience supporting SOC2 or PCI audits
- Jira workflow and dashboard configuration experience
- Background in GRC (Governance, Risk, and Compliance) or security program management
- Experience working in an organization operating under a parent- or partner-company compliance context
Skills
Technical Skills:
- Technical program management
- Infrastructure, security, SRE, or compliance environment
- Translation of security controls into actionable Jira workflows
- Operationalizing run-the-business processes
- Cloud infrastructure, SRE, and infosec
- Executive communication skills
- End-to-end program ownership
Benefits
At Taskrabbit, our approach to compensation is designed to be competitive, transparent and equitable. Total compensation consists of base pay + annual bonus + benefits + perks. The base pay range for this position is $87,000 - $120,000. This range is representative of base pay only, and does not include any other total cash compensation amounts, such as company bonus or benefits. Final offer amounts may vary from the amounts listed above, and will be determined by factors including, but not limited to, relevant experience, qualifications, geography, and level.
Pay
$87,000 - $120,000
Schedule
Hybrid