Senior Technical Program Manager

About The Position

Requirements

• 6+ years of experience as a technical programme manager in information security, with a track record of delivering complex, multi-team initiatives across engineering and security stakeholders.
• Demonstrated expertise in scoping, planning, and delivering strategic and tactical security programmes within a matrixed environment.
• Ability to manage the Information Security Risk Management lifecycle by partnering with engineering and security experts to implement regulations, test controls, and deploy security solutions across the technology stack.
• Working knowledge of security frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, CIS Controls, and how they translate into credible delivery plans.
• Project management and/or security framework certifications (PMP, PRINCE2, ITIL, COBIT, ISO 27001) are expected at this level.
• Experience building and tracking security KPIs and metrics to measure program success and drive continuous improvement.
• Practical experience using AI-enabled or automation-first programme tooling (security GRC, TPRM, continuous control monitoring) and a clear point of view on where AI augments versus replaces human judgement in programme delivery.
• Strong communication and problem-solving skills, balancing persuasion with active listening.
• Exceptional stakeholder management skills to engage with engineering leaders and executives.
• Proven project management techniques to drive results.

Nice To Haves

• 3+ years of hands-on experience in equivalent security roles, such as Security Delivery Manager, Information Security Officer, or Threat Intelligence Programme Manager.
• Relevant professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), CompTIA Cybersecurity Analyst (CySA+), or Certified Fraud Examiner (CFE).
• Exposure to AI governance, model risk, or responsible-AI programme work.
• Knowledge of privacy legislation and regulations such as HIPAA and GDPR.
• Experience working with security and risk tooling in cloud infrastructure, hosting, and platform contexts.

Responsibilities

• Lead programme delivery for GSS’s most complex initiatives, including third-party risk, compliance and audit readiness, AI governance, and the data-driven cyber risk and control framework, with minimal oversight and clear ownership of outcomes.
• Set and continuously refine the programme rhythm, including planning cycles, status reporting, OKR alignment, and decision logs that connect day-to-day execution to GSS and Klaviyo-level objectives.
• Apply AI-enabled GSS tooling to reduce manual toil and improve the timeliness and signal of programme reporting.
• Identify automation and AI opportunities in programme management itself, such as status drafting, drift detection, and action tracking, and partner with SSG’s reporting and analytics capability to operationalize them.
• Run risk analysis, contingency planning, and trade-off conversations with senior stakeholders; raise critical issues early with clear options, data, and recommendations.
• Maintain authoritative status materials for the GSS leadership team, monthly KPI updates, and quarterly Board contributions, ensuring they are accurate, succinct, and decision-ready.
• Act as a player-coach to other programme managers across GSS and GTS, modeling delivery standards, mentoring on practice, and developing reusable playbooks and runbooks.
• Flex into other GSS functions, such as Security Product and Development and Security Intelligence Operations, where strategic initiatives require senior programme leadership.

Benefits

• Comprehensive range of health, welfare, and wellbeing benefits
• Participation in the company’s annual cash bonus plan
• Equity
• Sign-on payments