At GFiber, we believe in the power of great internet that lets people do more, helps communities get stronger and makes amazing things possible. We’re not just growing to build better internet experiences, we’re also building a welcoming place where people who want to make a difference can grow their careers.

GFiber is an Alphabet company that brings Google Fiber and Google Fiber Webpass internet services to homes and businesses across the United States. Our growing, inclusive team is expanding as we connect more cities and people.

The application window will be open until at least November 15th, 2024 . This opportunity will remain online based on business needs which may be before or after the specified date.

The Governance, Risk, and Compliance (GRC) team at GFiber is responsible for partnering across the business to help GFiber meet the highest security standards while supporting growth and innovation. As part of the GFiber’s cybersecurity organization, GRC supports stakeholders in making informed decisions while managing risks and ensuring our security posture is robust and continuously improving.

As a Technical Program Manager (TPM) on this team, you'll play a critical role in driving security initiatives that protect our company and our customers. You'll collaborate with engineers, security experts, and business leaders to implement and manage security programs, assess and mitigate risks, and ensure compliance with industry regulations. This is an opportunity to make a real impact on our security posture while working alongside a talented and passionate team.

Role Description

As a TPM, you will play a key role in defining, implementing, and managing security programs that align with our company's strategic objectives and regulatory requirements. You will collaborate closely with engineers, security experts, and business stakeholders to ensure our security posture is robust and continuously improving. You will create and manage security programs, assess and mitigate risks, lead third-party risk management, and report on security and compliance posture.

In this role, you'll:

Lead and manage the end-to-end lifecycle of complex security programs and projects within the GRC domain. This includes defining scope, objectives, timelines, and success metrics.

Contribute to the identification, assessment, and mitigation of cybersecurity risks. Collaborate with risk owners to develop remediation plans and track progress.

Support compliance with relevant security regulations and standards (e.g., ISO 27001, CCPA). Assist with audits, assessments, and the implementation of compliance controls.

Identify opportunities to improve GRC processes and workflows. Develop and implement solutions to enhance efficiency and effectiveness.

Build strong relationships with key stakeholders across different teams and departments to effectively communicate: program value, updates, risks and issues.

At a minimum we'd like you to have:

Bachelor’s degree or equivalent practical experience.

5 years of experience in a technical program management role, with at least 2 years focused on cybersecurity or GRC.

Experience with cybersecurity principles, frameworks, security technologies, controls and best practices.

Experience working in an Agile environment and applying Agile principles to program management.

It's preferred if you have:

Ability to derive business risk and impact from technical reports and documentation in order to make or advise on business decisions.

Experience in communications leadership (e.g. tailor comms to different audiences), execution (e.g. independently driving outcomes) and planning (e.g. make teams more effective via use of agile methodologies).

Experience presenting and working with C-level executives and cross functional partners.

Experience developing and implementing security policies and standards.

Administrative or compliance experience with modern enterprise tooling such as: Okta, ServiceNow, Github or Jira.

Advanced knowledge of applicable federal and state laws (CCPA), rules and regulations such as National Information of Standards and Technology (NIST), and International Standards Organization (ISO), ISO 27001/27002, PCI DSS, or other Information security requirements and frameworks.

The US base salary range for this full-time position is between $118,000 - $172,000 + bonus + cash award + benefits. As pay varies by location, your recruiter will share more about the specific salary range for your targeted location during the hiring process.

GFiber is committed to equal opportunity employment regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status, disability or Veteran status. Disclosure is voluntary, and this information will be kept confidential in compliance with Google's Candidate Privacy Policy. For more information please refer to our Equal Employment Opportunity Policy and the EEOC's "Know your rights: workplace discrimination is illegal" (PDF) .

It's important to us to create an accessible, inclusive workplace for everyone. If you have a need that requires accommodation, please let us know by completing our accommodations for applicants form (https://docs.google.com/forms/d/e/1FAIpQLSdssMbqAfgzQyXmBStjjc-OOg64CssJRQf5_yWGEBClZZrkpw/viewform?resourcekey=0-CxawQc0qPzP7wkZuem4M3A) . Our candidate accommodations team will then connect with you to confidentially discuss your options.