Senior Technical Program Manager

About the role

The Senior Technical Program Manager, Security & GRC will work directly with our Infosec and Risk (GRC) teams to ensure that our improvements in security don’t slow us down in our mission to solve America’s retirement savings crisis. This role sits at the intersection of software engineering, corporate risk, and business operations. This TPM role will ensure that our security and risk teams are organized, coordinated and have well planned backlogs, but it is not managing a checklist. This role will help build and enable a technical ecosystem where security and compliance are automated, invisible, and inseparable from the software development lifecycle.

What you get to do every day

• Technical security orchestration: Partner with Security Engineering, Risk, Product, and Infrastructure teams to bake security and compliance "into the kiln" rather than painting it on at the end.
• Help design risk solutions: Dive deep into the security stack to not only identify execution blockers but actively architect the technical solutions to implement them.
• Help architect our security mission: Define the technical milestones for high-stakes initiatives like Zero Trust and IAM overhauls, translating a broad vision into a precise execution roadmap.
• Drive high-velocity operations: Lead agile security sprints that harmonize vulnerability remediation and threat detection with feature development, ensuring security moves at the speed of innovation.
• Optimize the "rhythm of the business" by automating manual GRC workflows, eliminating manual friction and moving us toward Compliance as Code.
• Translate telemetry into narrative: Distill complex security data and telemetry into compelling risk narratives for leadership while maintaining high-fidelity technical depth for engineers.
• Optimize the defensive roadmap: Command long-term strategic planning by aligning cloud infrastructure costs and security tooling with the company’s overarching defensive goals.
• Cultivate organizational excellence: Uphold a relentless culture of focus and accountability, identifying systemic inefficiencies and driving impact through superior tooling and process engineering.

What you bring to the role

• Bachelor's degree in CS, Engineering, or a related field. Crucially, you likely started your career as a Security Engineer, Systems Administrator, or Analyst.
• TPM professional for 5+ years, specifically managing high-stakes security, privacy, or infrastructure initiatives.
• You have a deep understanding of the Security SDLC and experience navigating cloud-native service architectures (AWS/GCP) with a focus on security guardrails.
• Experience translating regulatory frameworks (e.g., SOC2, ISO 27001, FedRAMP, or GDPR) into concrete technical requirements that engineers can actually execute.
• A proven ability to drive results across cross-functional teams.