Cyber Technical Program Manager

About The Position

Requirements

• Bachelor Degree in a STEM field
• At least 5+ years of experience in program or project management, with the majority of that time spent inside a cybersecurity organization.
• Direct hands-on experience with cybersecurity program delivery: security tool deployments, identity and access management programs, cloud security initiatives, or threat detection and response programs
• Experience with program tooling including Jira, Azure DevOps, and Power BI; ability to build and maintain dashboards that support portfolio visibility.
• Understanding of cybersecurity domains: IAM, endpoint security, cloud security (AWS, Azure, or GCP), application security, network security, and security operations.
• Familiarity with current threat actor tradecraft, including the adversarial application of AI tools, large language model exploitation techniques, and AI-augmented attack patterns.
• Working knowledge of MITRE ATT&CK, NIST CSF, Zero Trust frameworks, and security architecture patterns.
• Awareness of life sciences regulatory requirements including FDA cybersecurity guidance, GxP, SOX, HIPAA, GDPR, and PCI as they apply to cyber program delivery.
• Structured, focused approach to program governance: checkpoint processes, RASCI documentation, stage-based delivery, and plan quality standards.
• Ability to translate technical cyber risk into business impact language for executive audiences.
• Strong stakeholder management across technical practitioners, security leadership, and business executives.
• Comfortable with ambiguity; able to make sound program decisions in constantly evolving environments.
• Data-driven: uses Power BI, Excel, or equivalent tooling to track, forecast, and communicate program health.
• Demonstrated track record running complex, cross-functional programs in fast-paced enterprise environments with opposing priorities.
• Prior experience at large enterprises with complex regulatory and compliance obligations.
• Exposure to AI security governance, ML model risk, or adversarial AI research understanding how frontier model capabilities are reshaping the threat landscape.
• Experience with MITRE ATT&CK-based program scoping or threat-informed defense frameworks.

Nice To Haves

• Cybersecurity certification strongly preferred: CISSP, CISM, CCSP, or equivalent demonstrating sustained investment in the security discipline.
• PMP, Agile (SAFe, CSM), or ITIL certification a plus.

Responsibilities

• Own programs end-to-end, challenge assumptions, surface risks, and hold technical teams accountable to outcomes.
• Embed in the work alongside security engineers, architects, and Cyber leaders to bring structure to complex delivery, and translate program health into executive-ready intelligence for Cyber leadership.
• Understand the adversarial context driving each program, including: AI supply chain and model integrity threats, identity and privilege exploitation, and enterprise attack surface expansion.
• Develop and own program charters grounded in the cyber context driving each initiative as well as business requirements.
• Drive gate-validated execution through the program lifecycle, ensuring planning rigor, resource readiness, dependency resolution, and architecture review before execution begins.
• Maintain RASCI clarity across Sponsor, Service Owner, BISO, and delivery team roles, ensuring BISOs are engaged from day one.
• Lead critical path identification and gain alignment on the milestones that matter, reducing noise in reporting and keeping delivery teams focused on the outcomes that move the security posture.
• Identify and surface risks through a technical lens along with schedule and budget, but threat-informed risks that could undermine program effectiveness.
• Contribute to continuous improvement of Cyber’s program governance processes, templates, and stage gate documentation.
• Own assigned programs through the full lifecycle: intake, charter, detailed planning, execution, and closeout with rigor and accountability at each stage.
• Maintain execution momentum on concurrent programs, leading cross-functional dependencies, resolving blockers, and coordinating with security architects, engineers, and platform teams.
• Ensure program plans include milestone roadmap, dependency map, architecture review confirmation, and resource assignments.
• Coordinate release readiness, change management, and go/no-go decisions with communications partners and business stakeholders to minimize disruption.
• Engage directly with threat intelligence, red team, and detection engineering teams to ensure program scope and success criteria reflect current adversarial realities.
• Proactively identify and escalate key issues, blockers, and constraints to appropriate management and stakeholders, ensuring timely resolution and minimal program impact.
• Communicate complex cybersecurity concepts clearly and concisely across diverse audiences—from executives and business partners to technical teams—tailoring messaging to stakeholder needs.
• Track resource needs and timelines across assigned programs, forecasting 1–2 quarters out and surfacing capacity conflicts before they become blockers.
• Coordinate alignment of external resources and vendor delivery across planning and execution phases.
• Support leadership capacity planning with accurate, data-driven forecasts tied to program criticality and threat priority.
• Bring working knowledge across multiple security domains: identity and access management, endpoint security, cloud security architecture, network security, application security, and security operations.
• Engage credibly with security engineers, architects, and threat intelligence teams — understanding enough to ask the right questions, challenge delivery gaps, and assess whether technical decisions align with security objectives.
• Maintain fluency in current and emerging threat actor behaviors, including AI-augmented adversarial techniques and the specific risks posed by frontier model capabilities and Mythos-class actors.
• Apply working knowledge of NIST CSF, MITRE ATT&CK, Zero Trust principles, and applicable regulatory frameworks (FDA cybersecurity guidance, GxP, SOX, HIPAA, GDPR, PCI) to program delivery decisions.
• Deliver milestone-driven status reporting aligned to critical path, surfacing what matters, what is at risk, and what decisions are needed.
• Maintain Jira-based program tracking that supports portfolio-level visibility for Cyber leadership.
• Produce executive-ready reporting that connects program progress to cyber objectives and threat mitigation outcomes.
• Facilitate steering committee and reviews, providing accurate updates on status, dependencies, financials, risks, and threat relevance.
• Adapt communication style fluidly across technical practitioners, Cyber leadership, and business executives.
• Champion and leverage AI tools (e.g., Claude) to streamline workflows, accelerate analysis, and improve program delivery efficiency across cybersecurity initiatives.

Benefits

• company bonus (depending, in part, on company and individual performance)
• company-sponsored 401(k)
• pension
• vacation benefits
• eligibility for medical, dental, vision and prescription drug benefits
• flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts)
• life insurance and death benefits
• certain time off and leave of absence benefits
• well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities)