Principal Technical Program Manager - Cloud Security
Remote in San Francisco Bay Area, Seattle, or West coast timezone
PingCAP
TiDB is an open-source, MySQL compatible, distributed SQL database. It powers companies like LinkedIn, Pinterest, Square, and more.
About the Role:
We are seeking an experienced Principal Technical Program Manager (TPM) to lead and drive the security strategy for the next generation of TiDB Cloud. In this role, you will collaborate with engineering, product management, and other cross-functional teams to ensure our platform’s security posture meets the highest standards. You will be responsible for defining security roadmaps, implementing best practices, and overseeing compliance requirements across various global regions. This is a high-impact role with broad scope and influence, offering the opportunity to shape the security foundations of a cutting-edge distributed database cloud service.
Responsibilities:
- Develop and maintain a comprehensive security roadmap for TiDB Cloud, ensuring alignment with business objectives and regulatory requirements.
- Lead cross-functional initiatives to integrate security requirements into product design, development, and deployment phases.
- Collaborate closely with engineering teams to design and implement secure architectures, covering areas such as data protection, access control, identity management, and network security.
- Oversee security programs, processes, and metrics to monitor, measure, and continuously improve security posture.
- Manage third-party risk assessments, vendor evaluations, and security audits to ensure compliance with relevant frameworks (e.g., SOC 2, ISO 27001).
- Partner with product teams to align feature releases and cloud infrastructure upgrades with security protocols and governance standards.
- Establish incident response strategies and processes, collaborating with dedicated incident response teams to promptly remediate vulnerabilities or breaches.
- Advocate for a security-first culture, providing training and guidance to internal stakeholders and external key customers on best practices and emerging threats.
Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
- 8+ years of experience in technical program management, with at least 3+ years focusing on cloud security or distributed systems security.
- Proven track record of driving large-scale security initiatives across complex, multi-tenant environments.
- In-depth understanding of security standards and compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Hands-on expertise with cloud architectures (AWS, GCP, or Azure), containerized environments, and modern deployment pipelines such as SecOps processes.
- Strong communication skills and the ability to effectively influence and collaborate with technical and non-technical stakeholders.
- Relevant security certifications (CISSP, CISM, etc.) are a plus.
- Demonstrated ability to navigate ambiguity, prioritize competing demands, and deliver high-quality results in a fast-paced environment.
We encourage people from underrepresented groups to apply. Come advance with us! In keeping with our values, no employee or applicant will face discrimination/harassment based on: race, color, ancestry, national origin, religion, age, gender, marital domestic partner status, sexual orientation, gender identity, disability status, or veteran status. PingCAP also strives to prevent other, subtler forms of inappropriate behavior (e.g., stereotyping) from ever gaining a foothold in our organization. Whether blatant or hidden, barriers to success have no place at PingCAP.
Tags: Analytics Audits AWS Azure CISM CISSP Cloud Compliance Computer Science E-commerce GCP GDPR GitHub Governance HIPAA Incident response ISO 27001 Network security Risk assessment SecOps Security strategy SOC SOC 2 SQL Strategy Vulnerabilities
Perks/benefits: Startup environment