Technical Program Manager, Security & Trust

Harvey, San Francisco, CA

About The Position

Some of the world's largest companies and their law firms use Harvey’s AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time.

Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler, and we value it more than anything else. In this role, your objective is to earn the trust of our customers by communicating our security program, aligning it with relevant security and privacy standards, and getting it assessed by independent auditors.

This is a highly cross-functional role that involves close collaboration with teams across the company, including Security, Product Management, Engineering, GTM, IT, Legal, and external consultants and auditors. Understanding and communicating customer and compliance requirements and producing accurate documentation will be key parts of this role.

A big part of this role is responding to customer security questions. As advocates for the Harvey Security program, our goal is to provide quick and accurate responses, leveraging Harvey to assist. We achieve high accuracy, and your role will include reviewing Harvey’s output and spotting the cases where the model misses the mark or can’t answer due to documentation gaps.

We already have certifications including SOC 2 Type 2 and ISO 27001, adhere to CCPA and GDPR, and continue to expand our compliance portfolio based on business needs. We have mature systems and processes in place, but they need to be constantly adapted to our quickly growing company and the rapidly evolving product.

Requirements

  • 4+ years experience in Information Security
  • 3+ years experience in roles requiring a high degree of project management
  • A strong foundation across a broad range of security, risk, and governance topics
  • Excellent organizational skills, including project management and process design with a drive for simplification
  • Excellent written communication skills
  • Ability to communicate complex technical and regulatory topics to diverse audiences; equally comfortable partnering with engineers, lawyers, customers, and GTM
  • Ability to manage external contractors, vendors, and consultants
  • Customer-centric mindset
  • Strong attention to detail while keeping focused on the big picture

Nice To Haves

  • Experience leading compliance certification projects such as SOC 2, ISO, IRAP, or FedRAMP is a plus, but not required
  • Experience operationalizing controls at the intersection of product and enterprise security (secure SDLC, data protection/privacy-by-design, third‑party risk, incident response) in AI-centric contexts

Responsibilities

  • Respond to customer security questions at scale by using AI
  • Meet with customers to address security-related questions and concerns
  • Manage ISO and SOC 2 Type 2 and other emerging compliance programs, which includes continuously monitoring compliance status through automated tools, completing periodic required activities (pentests, risk assessments, various reviews and exercises, etc.), and coordinating with internal teams to gather evidence for auditors
  • Maintain and update corporate information security policies, ensuring compliance requirements are communicated across the organization
  • Maintain and improve our internal documentation
  • Maintain and improve security documentation and resources we share with customers and partners
  • Identify opportunities to streamline Trust workflows through tooling and automation