
Technical Program Manager

Taskrabbit · San Francisco Bay Area

📍 San Francisco, California, United States · 💰 $87,000 - $120,000 · via greenhouse · Posted 2026-06-25
About Taskrabbit

Taskrabbit is a marketplace platform that conveniently connects people with Taskers to handle everyday home to-do’s, such as furniture assembly, handyman work, moving help, and much more. At Taskrabbit, we want to transform lives one task at a time. As a company we celebrate innovation, inclusion and hard work. Our culture is collaborative, pragmatic, and fast-paced. We’re looking for talented, entrepreneurially minded and data-driven people who also have a passion for helping people do what they love. Together with IKEA, we’re creating more opportunities for people to earn a consistent, meaningful income on their own terms by building lasting relationships with clients in communities around the world.

Taskrabbit is a hybrid company with employees distributed across the US and EU and a Built In — Best Places to Work (2022, 2023, 2024, 2025) continually ranked across multiple national and regional categories. Join us at Taskrabbit, where your work will be meaningful, your ideas valued, and your potential unleashed!

About the Role

Taskrabbit is maturing its engineering organization toward a scalable, secure, and compliant environment, anchored on three programs: Oncall Modernization, Cloud Infrastructure Modernization, and CIS IG1 compliance. Today, the operational "process tail" of these programs (audit evidence gathering, cross-departmental coordination, policy rollout, vulnerability SLA enforcement, and periodic reviews) is absorbed by our most senior technical talent.

This is our first dedicated Infrastructure & Security TPM. This role owns the program layer so our ICs and Engineering Managers can refocus on implementation, advisory, review, and architecture. You will drive CIS IG1 to sustained compliance, lead its expansion from engineering to the entire company, and build the foundation for IG2 and IG3. You will be the "air traffic controller" for security and infrastructure requests.

This is a high-visibility, foundational role with a direct mandate to build durable processes from the ground up. You will report to the Director of TPM and partner daily with our infrastructure and security leadership.

What You'll Do

Compliance & Security Program Ownership

- Own the end-to-end CIS IG1 program: intake, evidence collection, SLA enforcement, and periodic review cycles across all 18 control families
- Expand CIS controls from local engineering teams to the entire company, and build the roadmap for IG2 and IG3
- Maintain the CIS Crosswalk Tracker as a living record of audit readiness and control status
- Translate technical controls into actionable Jira workflows and enforceable remediation SLAs
- Manage the annual external Penetration Test program and track remediation of findings to closure

Governance & Intake

- Design and operate a centralized intake process for security and infrastructure requests, ensuring engineers work only on vetted, prioritized work
- Standardize access-granting workflows for new hires, role changes, and tool requests—with full audit trails
- Establish and enforce SLAs for vulnerability remediation, PR reviews, and ticket response; report compliance to leadership

Stakeholder & Cross-Functional Orchestration

- Serve as the primary interface between Engineering, Security, Legal, Finance, IT, and Procurement for security-related programs, vendor reviews, and audits
- Negotiate infrastructure and security work into team sprints; manage GIVE/GET dependency tracking with Engineering Directors
- Drive policy approvals and company-wide rollouts (e.g., Data Management, Secure Configuration, Access Control) from draft to operationalized and signed-off

Operational Excellence (Run the Business)

- Operationalize recurring compliance work: quarterly access reviews, monthly vulnerability triage, bi-annual asset inventory updates, annual vendor reassessments, and tabletop BCP exercises
- Build and maintain dashboards and automated evidence pipelines to reduce manual compliance chores
- Report security posture, key metrics, and a "Security Score" to senior leadership in clear, business-readable terms
- Lead the BCP program: standardize templates, schedule tabletop exercises, document results, and drive remediation into engineering sprints

Incident & Vulnerability Program Management

- Scale vulnerability management from local triage to a company-wide SLA-driven program using Wiz, HackerOne, and Jira
- Own the SLA—chasing teams to close critical findings within 7 days and reporting Days-to-Patch to leadership
- Manage the phishing response playbook and incident post-mortem process; ensure P0/P1 action items land in sprint

Who You'll Work With

- Engineering Director, Infrastructure & Security
- Senior Manager, Cloud Infrastructure
- Security Manager
- Infosec/Security team ICs
- Other TPMs
- Engineering Managers and ICs across Cloud Infrastructure and SRE
- Legal (data retention, SOC2/vendor reviews), Finance (security budget), IT (endpoint and asset coverage, Okta), Procurement, and the Data Lead (PII inventory and retention)
- Senior Engineering and Product leadership (risk and metrics reporting)

What We're Looking For

Required Experience

- 3+ years of technical program management in an infrastructure, security, SRE, or compliance environment
- Demonstrated ability to translate security controls (e.g., CIS, SOC2) into actionable Jira workflows, SLAs, and repeatable operational processes
- Proven track record driving company-wide, cross-departmental initiatives through to completion—including securing stakeholder sign-offs and managing organizational resistance
- Experience operationalizing run-the-business processes: access reviews, vulnerability remediation tracking, audit evidence collection, and periodic compliance reviews
- Sufficient technical depth in cloud infrastructure, SRE, and infosec to coordinate credibly with engineers and translate findings for non-technical leaders
- Strong executive communication skills—able t
