Principal Technical Program Manager, FedRAMP

IonQ•College Park, MD

3d•Hybrid

About The Position

We are seeking a Security Technical Program Manager (TPM) to drive our program. The Security TPM serves as a strategic architect and operational engine of an organization’s security posture. Bridging the gap between high-level risk management and deep technical execution, they orchestrate complex initiatives—ranging from infrastructure hardening to compliance automation—across diverse engineering and product teams. Unlike a traditional project manager, a Security TPM possesses the technical depth to challenge architectural decisions and the business acumen to prioritize security debt against product velocity. Ultimately, they are responsible for transforming abstract security policies into scalable, automated workflows that protect the company’s assets without stifling innovation.

Requirements

Bachelor’s degree in a STEM field such as Electrical Engineering, Physics, Computer Science, or a related Security discipline or equivalent combination of experience and education.
3-5 years of experience in program management or engineering driving cross-functional projects and aligning stakeholders around strategic priorities.
Strong written and verbal communication with an aptitude for building shared understanding of goals, escalating elegantly, and reporting to senior leadership.
Experience in information security, security engineering, or compliance.

Nice To Haves

A deep understanding of security fundamentals and frameworks (e.g., NIST 800-171) and applying security controls to both organizations and products.
Strong aptitude for Atlassian Jira and Confluence issue management, project management, and reporting.
Experience and/or education in a technical discipline related to IonQ product lines, including satellite, quantum computing, and/or networking

Responsibilities

Define and drive the strategic roadmap for security initiatives, aligning technical goals with broader business objectives and risk appetite.
Establish and track key performance indicators (KPIs) and other metrics to measure the health and maturity of the security posture.
Integrate security into the SDLC, overseeing activities such as threat modeling, security architecture reviews, and automated code analysis (SAST/DAST).
Partner with Engineering teams to prioritize security debt and technical remediation alongside product feature development.
Scale security tooling and automation to reduce manual overhead for developers while increasing detection capabilities.
Conduct ongoing risk assessments of internal systems and third-party vendors, translating technical vulnerabilities into actionable business risks.
Drive compliance readiness for frameworks such as SOC2, ISO 27001, CMMC, or FedRAMP, ensuring technical controls are implemented and auditable.
Maintain a centralized Risk Register, providing visibility to executive leadership on the most critical threats facing the organization.
Translate complex security concepts into clear, concise updates for non-technical audiences and senior leadership.
Develop and deliver technical security training and awareness programs to foster a "Security First" culture across the company.