Staff Technical Program Manager - Security Risk Management
San Francisco, California
Aurora Innovation
Aurora is building self-driving technology that will revolutionize the future of transportation.
Who We Are
Aurora (Nasdaq: AUR) is delivering the benefits of self-driving technology safely, quickly, and broadly to make transportation safer, increasingly accessible, and more reliable and efficient than ever before. The Aurora Driver is a self-driving system designed to operate multiple vehicle types, from freight-hauling semi-trucks to ride-hailing passenger vehicles, and underpins Aurora Horizon and Aurora Connect, its driver-as-a-service products for trucking and ride-hailing. Aurora is working with industry leaders across the transportation ecosystem, including Toyota, FedEx, Volvo Trucks, PACCAR, Uber, Uber Freight, U.S. Xpress, Werner, Covenant, Schneider, and Ryder. For Aurora’s latest news, visit aurora.tech and @aurora_inno on Twitter.
Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all.
The mission of Aurora’s Security Technical Program Management (TPM) team is to embed security into every aspect of Aurora’s products—spanning software, hardware, and services. As a key member of this team, you will be responsible for driving security strategy and initiatives across the organization, ensuring that security is a fundamental part of the product development process. You will act as a bridge between Security and Product teams, moving seamlessly between high-level strategy and detailed execution to ensure that complex, cross-functional security programs are successfully integrated into product development. Your ability to lead, influence, and manage large-scale security initiatives will be essential in safeguarding Aurora’s products and ensuring they meet the highest security standards.
Job level is negotiable based on experience. Flexible work locations are available (MTV, SFO, PIT, SEA) for US-based employees (Full remote is not available for this role).
In this role, you will
- Lead security integration: Develop and execute security assurance, governance, and risk management programs, ensuring they are deeply embedded into all phases of product development and aligned with company objectives.
- Collaborate with product teams: Work closely with product management, engineering, and security teams to assess product risks, prioritize security initiatives, and implement strategic controls that protect both product integrity and user trust.
- Drive external assessments: Oversee external security assessments and penetration tests, translating findings into actionable risk mitigation strategies that enhance product security.
- Manage product risk: Lead the security risk management program with a focus on product-related risks, ensuring alignment with enterprise risk management efforts and compliance with industry regulations.
- Monitor and report: Define and report on key performance indicators (KPIs) related to product and security risks, ensuring transparency and data-driven decision-making across the organization.
Required Qualifications
- 10+ years of experience in Technical Program Management, with a strong focus on cybersecurity, particularly within the context of product development.
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field, or equivalent experience.
- Proven experience leading large-scale security programs with an emphasis on integrating security into product development cycles.
- Strong communication and leadership skills, with the ability to influence and collaborate with cross-functional product teams.
- Hands-on experience managing external security assessments and penetration tests, with the ability to translate technical findings into practical security improvements for products.
Desirable Qualifications
- Advanced certifications such as CISSP, OSCP, GIAC-PEN, CISM, or equivalent, demonstrating expertise in cybersecurity and product risk management.
- Experience building and scaling security programs from the ground up, particularly in product-focused environments or industries with stringent security requirements.
- Strong knowledge of industry security standards and regulations (e.g., ISO 27001, SOC2, NIST, GDPR), with proven experience ensuring product compliance.
- Proven ability to lead organizational change, especially in implementing new security processes within product teams.
- Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders, particularly in a product context.
The base salary range for this position is $220-$352K per year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.
Working at Aurora
At Aurora, we bring together extraordinarily talented and experienced people united by the strength of our values. We operate with integrity, set outrageous goals, and build a culture where we win together — all without any jerks.
We have offices in several locations across the United States, where we encourage team and cross-functional collaboration. Aurora offers competitive medical, dental, and vision benefits, and additional healthcare support including medical transportation reimbursement, fertility, adoption, and surrogacy benefits. We empower our employees and their families with options to further their unique physical, mental, and financial well-being.
Our Learning and Development offerings include Aurora Academy, where our people learn, develop, and practice the essential skills that drive Aurora’s mission, continually up-leveling our team along the way. Our Careers page provides insight into career opportunities at Aurora, and you can find all the latest news on our Blog.
Safety is central to everything we do. Every employee at Aurora has a role in contributing to safety, every step of the way. We seek candidates who take active responsibility, can contribute to building an atmosphere of trust, and invest in the organization's long-term success by working safely — no matter what.
We believe that self-driving technology has broad benefits – including increased access to transportation. To realize those benefits, we need a workforce with diverse experiences, insights, and perspectives — a workforce that reflects the communities our technology will serve.
Aurora is committed to providing access to anyone who seeks information from our website. We invite anyone using assistive technologies, such as a screen reader or Braille reader, to email us at careersiteaccommodations@aurora.tech if they experience difficulty using our website. Please describe the accessibility problem and include a URL (if available).
Aurora considers candidates without regard to their race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, pregnancy status, parent or caregiver status, ancestry, political affiliation, veteran and/or military status, physical or mental disability, or any other status protected by federal or state law. Aurora considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. We are also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at careersiteaccommodations@aurora.tech.
For California applicants, information collected and processed as part of your application and any job applications you choose to submit is subject to Aurora’s California Employment Privacy Policy.
Diversity, Equity and Inclusion
At Aurora, every employee is empowered to take an active role in building an inclusive, collaborative, and unified culture that leverages our diverse strengths, perspectives, and backgrounds.
Transforming how the world moves people and goods involves seeking to understand backgrounds, insights, and lived experiences that differ from our own. One way we accomplish that is with our 15 employee-led Aurora Unified Groups, which support diverse voices and drive inclusive collaboration. We believe that teamwork, belonging, and trust motivate and support our employees to do their best work. As our team grows, we strive to attract and retain exceptional talent that adds new perspectives and experiences and continues to drive innovation. Learn more on our Culture Page.
We are committed to helping qualified military community members leverage their talents in service of our mission. To understand how your military experience aligns with career opportunities at Aurora, review your military job classification at MyNextMove.org and consider applying for open positions corresponding to your identified skills and experiences!