Senior Technical Program Manager, Security

Role Overview

• Diagnose, prioritize, and drive security program maturity
• Assess the current state with clear eyes: identify what’s working, what’s underdeveloped, and what needs to be rebuilt
• Build a prioritized, multi-quarter roadmap that sequences risk reduction against business reality — without waiting to be handed a problem statement
• Establish governance, ownership, and metrics that make the portfolio legible and actionable across security leadership, engineering leadership, and executives
• Hold the line on outcomes — not activity or artifacts.
• Translate security requirements into engineering practice
• Make security by design the operating standard: shift-left practices, threat modeling, architecture review, and controls embedded into how teams plan and ship
• Own the intersection of what security requires and what engineering can build — and move both sides toward it, fluently
• Remove the blockers that sit between security intent and engineering execution
• Build the habits and structures that outlast any individual program or initiative
• Own the compliance surface without losing sight of real risk
• Translate HIPAA, financial controls, and governance requirements into resilient programs that reduce actual exposure and scale — not just satisfy milestone audits
• Sequence compliance investments against where the company is going, not just where it’s been
• Build the evidence frameworks, metrics, and operational readiness that hold up under real scrutiny at scale
• Shape the AI security framework before it becomes a crisis
• Synthesize Aledade posture about AI risk, guardrails, and governance as AI becomes embedded in how we work and what we build
• Build the scaffolding — principles, review processes, accountability structures — that gives others a framework to execute against
• Operate with conviction in a space where the industry is still writing the rules
• Drive alignment across a complex, high-stakes intersection
• Operate at the seam between security, engineering, compliance, legal, and finance — without owning any of the headcount
• Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path, not walking it for them
• Surface what’s being normalized that shouldn’t be — the risks deferred, the gaps unnamed, the programs that exist only on paper
• Drive evidence-based decisions that stick — from architecture, through build, to the risk level with executives
• Full-stack program leadership: equally at home in an architecture review, a compliance audit, a risk conversation with the CTO, and a sprint planning session with an engineering team

Requirements

• 10+ years in technical program management at Staff-level scope — cross-org, ambiguous, high-stakes security programs
• Deep security domain fluency: frameworks, controls, HIPAA and financial-specific obligations, risk management — and how all of it maps to real engineering decisions
• Technical judgment strong enough to question the status quo, challenge architectural decisions, and identify real risk versus inherited noise
• Proven track record of transforming security programs — advancing maturity, closing gaps, and positioning programs for where the business is going
• Influence without authority across senior security, engineering, compliance, and executive stakeholders
• Outcomes orientation: risk reduction and program maturity

Benefits

• Flexible work schedules and the ability to work remotely are available for many roles
• Health, dental and vision insurance paid up to 80% for employees, dependents and domestic partners
• Robust time-off plan (21 days of PTO in your first year)
• Two paid volunteer days and 11 paid holidays
• 12 weeks paid parental leave for all new parents
• Six weeks paid sabbatical after six years of service
• Educational Assistant Program and Clinical Employee Reimbursement Program
• 401(k) with up to 4% match
• Stock options
• And much more!