Senior Technical Program Manager, Security

Diagnose prioritize and drive security program maturity

• Assess the current state with clear eyes: identify whats working whats underdeveloped and what needs to be rebuilt

• Build a prioritized multi-quarter roadmap that sequences risk reduction against business reality without waiting to be handed a problem statement

• Establish governance ownership and metrics that make the portfolio legible and actionable across security leadership engineering leadership and executives

• Hold the line on outcomes not activity or artifacts.

Translate security requirements into engineering practice

• Make security by design the operating standard: shift-left practices threat modeling architecture review and controls embedded into how teams plan and ship

• Own the intersection of what security requires and what engineering can build and move both sides toward it fluently

• Remove the blockers that sit between security intent and engineering execution

• Build the habits and structures that outlast any individual program or initiative

Own the compliance surface without losing sight of real risk

• Translate HIPAA financial controls and governance requirements into resilient programs that reduce actual exposure and scale not just satisfy milestone audits

• Sequence compliance investments against where the company is going not just where its been

• Build the evidence frameworks metrics and operational readiness that hold up under real scrutiny at scale

Shape the AI security framework before it becomes a crisis

• Synthesize Aledade posture about AI risk guardrails and governance as AI becomes embedded in how we work and what we build

• Build the scaffolding principles review processes accountability structures that gives others a framework to execute against

• Operate with conviction in a space where the industry is still writing the rules

Drive alignment across a complex high-stakes intersection

• Operate at the seam between security engineering compliance legal and finance without owning any of the headcount

• Eliminate toil that crushes effectiveness of the subject matter experts around you by clearing the path not walking it for them

• Surface whats being normalized that shouldnt be the risks deferred the gaps unnamed the programs that exist only on paper

• Drive evidence-based decisions that stick from architecture through build to the risk level with executives

• Full-stack program leadership: equally at home in an architecture review a compliance audit a risk conversation with the CTO and a sprint planning session with an engineering team

• 10 years in technical program management at Staff-level scope cross-org ambiguous high-stakes security programs

• Deep security domain fluency: frameworks controls HIPAA and financial-specific obligations risk management and how all of it maps to real engineering decisions

• Technical judgment strong enough to question the status quo challenge architectural decisions and identify real risk versus inherited noise

• Proven track record of transforming security programs advancing maturity closing gaps and positioning programs for where the business is going

• Influence without authority across senior security engineering compliance and executive stakeholders

• Outcomes orientation: risk reduction and program maturity

• Experience in healthcare or other highly regulated environments where security failure has consequences beyond the company

• Track record of building security governance and operating models from the ground up

• Familiarity with AI and ML risk frameworks and emerging AI governance practice

• Operated at a company in significant growth where the security foundation had to be built while the business was already running on it

• Can move between a threat model conversation with a security engineer and a risk framing conversation with a CFO without losing accuracy in either direction

• Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.