← All verified jobs

Technical Program Manager

taskrabbit San Francisco, California, United States

See all open roles at taskrabbit

Ghost-risk verdict

Likely real

  • 755 open roles at this company in 30 days (mass-hiring blitz)

How we score ghost risk →

See your fit for this role and apply with a truthfully tailored résumé.

See my fit, free

About the role

About Taskrabbit:

Taskrabbit is a marketplace platform that conveniently connects people with Taskers to handle everyday home to-do’s, such as furniture assembly, handyman work, moving help, and much more.

At Taskrabbit, we want to transform lives one task at a time. As a company we celebrate innovation, inclusion and hard work. Our culture is collaborative, pragmatic, and fast-paced. We’re looking for talented, entrepreneurially minded and data-driven people who also have a passion for helping people do what they love. Together with IKEA, we’re creating more opportunities for people to earn a consistent, meaningful income on their own terms by building lasting relationships with clients in communities around the world.

Taskrabbit is a hybrid company with employees distributed across the US and EU and a Built In — Best Places to Work (2022, 2023, 2024, 2025) continually ranked across multiple national and regional categories. Join us at Taskrabbit, where your work will be meaningful, your ideas valued, and your potential unleashed!

About the Role

Taskrabbit is maturing its engineering organization toward a scalable, secure, and compliant environment, anchored on three programs: Oncall Modernization, Cloud Infrastructure Modernization, and CIS IG1 compliance. Today, the operational "process tail" of these programs—audit evidence gathering, cross-departmental coordination, policy rollout, vulnerability SLA enforcement, and periodic reviews, is absorbed by our most senior technical talent. This is our first dedicated Infrastructure & Security TPM.

This role owns the program layer so our ICs and Engineering Managers can refocus on implementation, advisory, review, and architecture. You will drive CIS IG1 to sustained compliance, lead its expansion from engineering to the entire company, and build the foundation for IG2 and IG3. You will be the "air traffic controller" for security and infrastructure requests.

This is a high-visibility, foundational role with a direct mandate to build durable processes from the ground up. You will report to the Director of TPM and partner daily with our infrastructure and security leadership.

What You'll Do

Compliance & Security Program Ownership

Own the end-to-end CIS IG1 program: intake, evidence collection, SLA enforcement, and periodic review cycles across all 18 control families

Expand CIS controls from local engineering teams to the entire company, and build the roadmap for IG2 and IG3

Maintain the CIS Crosswalk Tracker as a living record of audit readiness and control status

Translate technical controls into actionable Jira workflows and enforceable remediation SLAs

Manage the annual external Penetration Test program and track remediation of findings to closure

Governance & Intake

Design and operate a centralized intake process for security and infrastructure requests, ensuring engineers work only on vetted, prioritized work

Standardize access-granting workflows for new hires, role changes, and tool requests—with full audit trails

Establish and enforce SLAs for vulnerability remediation, PR reviews, and ticket response; report compliance to leadership

Stakeholder & Cross-Functional Orchestration

Serve as the primary interface between Engineering, Security, Legal, Finance, IT, and Procurement for security-related programs, vendor reviews, and audits

Negotiate infrastructure and security work into team sprints; manage GIVE/GET dependency tracking with Engineering Directors

Drive policy approvals and company-wide rollouts (e.g., Data Management, Secure Configuration, Access Control) from draft to operationalized and signed-off

Operational Excellence (Run the Business)

Operationalize recurring compliance work: quarterly access reviews, monthly vulnerability triage, bi-annual asset inventory updates, annual vendor reassessments, and tabletop BCP exercises

Build and maintain dashboards and automated evidence pipelines to reduce manual compliance chores

Report security posture, key metrics, and a "Security Score" to senior leadership in clear, business-readable terms

Lead the BCP program: standardize templates, schedule tabletop exercises, document results, and drive remediation into engineering sprints

Incident & Vulnerability Program Management

Scale vulnerability management from local triage to a company-wide SLA-driven program using Wiz, HackerOne, and Jira

Own the SLA—chasing teams to close critical findings within 7 days and reporting Days-to-Patch to leadership

Manage the phishing response playbook and incident post-mortem process; ensure P0/P1 action items land in sprint

Who You'll Work With

Engineering Director, Infrastructure & Security

Senior Manager, Cloud Infrastructure

Security Manager

Infosec/Security team ICs

Other TPM’s

Engineering Managers and ICs across Cloud Infrastructure and SRE

Legal (data retention, SOC2/vendor reviews), Finance (security budget), IT (endpoint and asset coverage, Okta), Procurement, and the Data Lead (PII inventory and retention)

Senior Engineering and Product leadership (risk and metrics reporting)

What We're Looking For

Required Experience

3+ years of technical program management in an infrastructure, security, SRE, or compliance environment

Demonstrated ability to translate security controls (e.g., CIS, SOC2) into actionable Jira workflows, SLAs, and repeatable operational processes

Proven track record driving company-wide, cross-departmental initiatives through to completion—including securing stakeholder sign-offs and managing organizational resistance

Experience operationalizing run-the-business processes: access reviews, vulnerability remediation tracking, audit evidence collection, and periodic compliance reviews

Sufficient technical depth in cloud infrastructure, SRE, and infosec to coordinate credibly with engineers and translate findings for non-technical leaders

Strong executive communication skills—able to synthesize technical risk into a business-readable security score and status report

End-to-end program ownership: from intake governance and dependency tracking through leadership reporting

Nice to Haves

Familiarity with CIS Controls v8.1 and the IG1/IG2/IG3 framework

Hands-on exposure to tools in our stack: Wiz, HackerOne, CrowdStrike, Datadog, Okta, JAMF, or KnowBe4

Experience supporting SOC2 or PCI audits

Jira workflow and dashboard configuration experience

Background in GRC (Governance, Risk, and Compliance) or security program management

Experience working in an organization operating under a parent- or partner-company compliance context

What Success Looks Like

ICs and Engineering Managers have measurably less coordination toil—30-40% of their program overhead returned to implementation and advisory work

CIS IG1 sustained at or near 100% with automated evidence pipelines, expanded beyond engineering to all departments

Centralized intake and governance live; SLAs for vulnerability remediation and request response published and enforced

At least one full periodic review cycle (quarterly access review or monthly vulnerability triage) fully operationalized with documented evidence within 90 days

BCP program established and validated via tabletop exercise within the first year

Leadership receives a clear, consistent security score and metrics report; technical risk is legible to the SLT

A credible roadmap for CIS IG2/IG3 underway within one year

Compensation & Benefits

At Taskrabbit, our approach to compensation is designed to be competitive, transparent and equitable. Total compensation consists of base pay + annual bonus + benefits + perks. The base pay range for this position is $87,000 - $120,000. This range is representative of base pay only, and does not include any other total cash compensation amounts, such as company bonus or benefits. Final offer amounts may vary from the amounts listed above, and will be determined by factors including, but not limited to, relevant experience, qualifications, geography, and level.

You’ll love working here because:

Taskrabbit is a Hybrid Company. We value flexibility and choice but also stay committed to regular in-person connection.

The People. You will be surrounded by some of the most talented, supportive, smart, and kind leaders and teams -- people you can be proud to work with!

The Diverse Culture. We believe that we make better decisions when our workforce reflects the diversity of the communities in which we operate. Women make up half of our leadership team and our diversity representation is above that of the tech industry average.

The Perks. Taskrabbit offers our employees with employer-paid health insurance and a 401k match with immediate vesting for our US based employees. We offer all of our global employees generous and flexible time off with 2 company-wide closure weeks, Taskrabbit product stipends, wellness + productivity + education stipends, IKEA discounts, reproductive health support, and more. Benefits vary by country of employment.

Taskrabbit’s commitment to Diversity and Inclusion:

An Active Commitment to Equity within our Company and Platform. We are an inclusive community where all who share our mission and values belong. Our diverse team represents the communities we serve, breaking down systemic barriers, and transforming lives- one action at a time.

Taskrabbit is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, ancestry, citizenship, sex, gender, gender identity, sexual orientation, age, marital status, military/veteran status, or disability status. Taskrabbit is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.

Taskrabbit will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.

Stop applying to ghosts.

OyaPilot surfaces only verified, real jobs, scores your fit, and tailors your application truthfully.