Grammarly

Security Technical Program Manager

Job Description

Posted on: January 14, 2023

We’re looking for a senior-level Security Technical Program Manager (TPM) to join our Governance, Risk, and Compliance (GRC) team at Grammarly. This person will work within the Security organization and report to the Head of GRC. They will partner cross-functionally to lead and execute initiatives that improve our security and compliance posture through a risk-based approach. They will spearhead efforts to build out Grammarly's cybersecurity risk management program and partner closely with the team members who manage governance of policies and procedures and internal/external audits. Their primary focus will be leading proactive risk identification and mitigation and increasing the maturity of our programs.

The GRC team solves complex compliance challenges, improves processes, and drives greater efficiency across the security assurance organization. This role will enable growth and help us scale our internal compliance processes to meet the regulatory expectations of customers worldwide by driving cross-functional initiatives across the organization.

Responsibilities

  • Build an enterprise-wide risk management framework that enables executive leadership to proactively identify risks and treatment plans so that company objectives are met.
  • Drive cybersecurity and enterprise risk management assessments and maintain the centralized risk register (threats, vulnerabilities, controls and mitigating factors, risk scores, and treatment plans) to give executive leadership visibility for planning.
  • Drive cross-functional initiatives to improve our security and compliance posture to meet increasing compliance obligations and customer commitments.
  • Assess planned product features to ensure compliance with privacy principles.
  • Provide technical controls implementation guidance to Engineering and Security teams related to security requirements/standards.
  • Lead efforts to increase the maturity level of our controls environment and optimize audit processes so they operate at scale.

Job Requirements

  • Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
  • Is able to collaborate in person 3 weeks per quarter, traveling if necessary to the hub where the team is based.
  • Is a senior-level TPM with hands-on experience leading large-scale, cross-functional initiatives aimed at improving overall security posture and aligning with company objectives.
  • Has implemented risk management frameworks such as the NIST RMF and performed cybersecurity assessments against frameworks such as the NIST CSF, using quantitative or semi-quantitative scoring models.
  • Has a proven record of identifying gaps/weaknesses in an organization's security posture, assessing risk level, proposing practical treatment plans and control designs, and working closely with engineers to implement the plans while providing technical compliance guidance.
  • Has a strong understanding of the following security standards and regulations: SOC 2 Type 2, ISO 27001/27017/27018, PCI DSS, HIPAA, GDPR, CSA CCM, and NIST SP 800-53 (FedRAMP Moderate is a plus).
  • Builds strong relationships with peers across the company to evangelize a security and risk-based culture.
  • Can effectively influence at all levels of the organization.
