Staff Technical Program Manager - Security & Compliance Programs

About The Position

Requirements

• 8+ years of experience in Technical Program Management or a related engineering execution role.
• 4+ years of hands-on experience leading security, compliance, or infrastructure-focused technical programs—with direct ownership of at least one significant compliance initiative (FedRAMP, NIST 800-53, SOC 2) from planning through completion or authorization.
• Demonstrated ability to translate regulatory control frameworks into engineering roadmaps, backlogs, and actionable milestones with clear exit criteria.
• Experience managing cross-functional programs across distributed engineering teams (cloud, security, DevOps/infrastructure) without direct authority—influencing through credibility, clarity, and relationship.
• Strong familiarity with modern cloud infrastructure delivery: infrastructure-as-code, CI/CD pipelines, identity and access management, vulnerability management, SIEM/CSPM tooling, observability platforms, and incident response processes.
• Experience coordinating with external compliance assessors (3PAOs, auditors, agency liaisons) and managing evidence lifecycle and submission readiness.
• Proven track record of building lightweight but durable operational processes that improve compliance delivery velocity without adding bureaucratic drag.
• Exceptional written and verbal communication skills—ability to translate technical control status into crisp executive narratives and to write clear, unambiguous program documentation suitable for audit review.
• Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related technical field; equivalent practical experience accepted.

Nice To Haves

• Direct experience with FedRAMP authorization pathways, including system security plan (SSP) development, and ATO milestone management.
• Familiarity with compliance automation and evidence tooling: policy-as-code, automated control validation in CI/CD, CSPM outputs, and continuous monitoring dashboards.
• Experience working in IoT, edge computing, or physical security product environments where the authorization boundary includes both cloud and edge/device components.
• Background in or direct exposure to SaaS platform delivery, firmware/embedded programs, or AI/ML systems that require security integration into delivery pipelines.
• Experience engaging with government procurement, agency authorization bodies, or contract manufacturing in regulated contexts.

Responsibilities

• Own end-to-end program execution for LVT’s FedRAMP authorization effort and related regulatory initiatives (NIST 800-53, SOC 2, CJIS, or equivalent), from readiness assessment through Authorization to Operate (ATO).
• Translate regulatory control frameworks (e.g., NIST 800-53 control families) into actionable engineering backlogs, implementation roadmaps, milestone schedules, and measurable exit criteria.
• Maintain integrated program plans, risk registers, RAID logs, and dependency maps that reflect real-time program health across multiple workstreams.
• Coordinate and improve the end-to-end evidence lifecycle—collection, validation, freshness, and repeatability—partnering with engineering to scale compliance automation and reduce manual burden over time.
• Drive cross-team delivery of control implementations, remediation plans, and release sequencing across Cloud Engineering, Security Engineering, DevOps, and Product teams.
• Serve as the primary execution liaison between Engineering teams and compliance stakeholders (internal audit, external 3PAO assessors, and government agency reviewers), ensuring work is audit-ready and documentation is operationally durable.
• Proactively identify and surface technical dependencies, program risks, and cross-team blockers; drive mitigation strategies before they impact delivery timelines or compliance windows.
• Coordinate integration between security/compliance work and LVT’s broader product and infrastructure roadmaps—ensuring compliance is embedded in delivery rather than bolted on.
• Partner with external vendors, 3PAO assessors (e.g., Schellman or equivalent), cloud boundary/ATO providers, and government stakeholders to manage assessment readiness and evidence submission cycles.
• Design and maintain lightweight but effective reporting cadences that give executive stakeholders real-time visibility into program health, compliance milestone status, and risk posture—without creating theater.
• Build and maintain program dashboards, status reporting artifacts, and board-level summaries that communicate compliance trajectory, open risks, and remediation velocity in plain language.
• Establish repeatable processes and tooling for evidence collection, continuous monitoring readiness, and audit cycle preparation that reduce per-cycle effort as the program matures.
• Champion a data-driven culture within the security and infrastructure programs—using metrics on control implementation velocity, open findings aging, and remediation SLA adherence to drive accountability.
• Engage credibly with engineering leads on architecture decisions related to cloud infrastructure, identity and access management, vulnerability management, CI/CD controls, observability, and incident response—understanding enough to ask the right questions and sequence the right work.
• Apply modern delivery practices (Agile, iterative milestone planning) to compliance program execution; adapt cadences as the program shifts from readiness to authorization to continuous monitoring.
• Identify and close gaps between LVT’s residual application-layer controls, IoT/edge telemetry boundary scoping, and continuous monitoring readiness as relevant to the authorization boundary.
• Contribute to the broader TPM function’s operational frameworks, delivery playbooks, and cross-program dependency management as LVT’s TPM practice scales.

Benefits

• Comprehensive health, dental and vision coverage
• Retirement benefits (401k match up to 4%)
• Flexible PTO
• Bonus structure tied to meeting goals
• Employee equity program