Principal Technical Program Manager – Cloud Security
Company | PingCAP |
---|---|
Location | Seattle, WA, USA; San Francisco, CA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s, Master’s |
Experience Level | Senior, Expert or higher |
Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
- 8+ years of experience in technical program management, with at least 3+ years focusing on cloud security or distributed systems security.
- Proven track record of driving large-scale security initiatives across complex, multi-tenant environments.
- In-depth understanding of security standards and compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Hands-on expertise with cloud architectures (AWS, GCP, or Azure), containerized environments, and modern deployment pipelines such as SecOps processes.
- Strong communication skills and the ability to effectively influence and collaborate with technical and non-technical stakeholders.
Responsibilities
- Develop and maintain a comprehensive security roadmap for TiDB Cloud, ensuring alignment with business objectives and regulatory requirements.
- Lead cross-functional initiatives to integrate security requirements into product design, development, and deployment phases.
- Collaborate closely with engineering teams to design and implement secure architectures, covering areas such as data protection, access control, identity management, and network security.
- Oversee security programs, processes, and metrics to monitor, measure, and continuously improve security posture.
- Manage third-party risk assessments, vendor evaluations, and security audits to ensure compliance with relevant frameworks (e.g., SOC 2, ISO 27001).
- Partner with product teams to align feature releases and cloud infrastructure upgrades with security protocols and governance standards.
- Establish incident response strategies and processes, collaborating with dedicated incident response teams to promptly remediate vulnerabilities or breaches.
- Advocate for a security-first culture, providing training and guidance to internal stakeholders and external key customers on best practices and emerging threats.
Preferred Qualifications
- Relevant security certifications (CISSP, CISM, etc.) are a plus.