
Job Overview
Location: Mumbai
Job Type: Full-time
Category: Software Engineering
Date Posted: October 27, 2025
Full Job Description
📋 Description
- Own the end-to-end lifecycle of security programs that protect the experiences of 750 million weekly viewers. You will translate the CISO’s strategic vision into quarterly OKRs, sprint plans, and measurable deliverables across AppSec, Cloud Security, Privacy, GRC, and Threat Management.
- Be the single point of orchestration for security execution across JioHotstar, JioStar Cloud, and emerging business units. You will surface hidden dependencies, negotiate trade-offs, and unblock teams so that security commitments land on time without derailing product velocity.
- Operationalize security at scale by designing lightweight governance rituals—RFC templates, retrospectives, PIR playbooks—that keep engineers focused on code while ensuring compliance and risk reduction. Your runbooks become the operating system for 200+ engineers and 10+ security specialists.
- Build and maintain a living program calendar that aligns sprint cycles, penetration-test windows, audit checkpoints, and release freezes. You will balance aggressive product roadmaps with zero-trust milestones and privacy-by-design reviews.
- Define, instrument, and evangelize KPIs that matter: mean-time-to-remediate critical vulns, % services with guardrails enforced, privacy-risk heat-map trendlines, and audit-finding closure velocity. You will turn these metrics into crisp dashboards that the CISO can present to the board in under five minutes.
- Act as the diplomatic bridge between InfraSec, AppSec, Privacy, Risk, DevOps, and product squads. You will translate security jargon into product impact and vice-versa, ensuring every stakeholder understands why a two-day design review today prevents a two-week incident tomorrow.
- Drive closure of security findings by embedding yourself in engineering rituals—stand-ups, design reviews, post-mortems—and coaching teams on pragmatic fixes. When a zero-day drops, you coordinate the war-room, manage comms, and shepherd the patch from pull-request to production within SLA.
- Maintain high-signal documentation: living roadmaps, risk registers, decision logs, and status updates that survive personnel changes and midnight escalations. Your artifacts become the institutional memory that lets new hires ramp in days, not months.
- Champion a culture of continuous improvement by running blameless post-incident reviews, publishing lessons learned, and integrating feedback loops into every security program. You will turn each incident into a force multiplier for future resilience.
- Stay ahead of the curve by monitoring threat intel, regulatory shifts (TRAI, RBI, GDPR, DPDP Act), and cloud-provider roadmaps. You will feed these insights back into program planning so that JioStar is never caught off-guard.
Skills & Technologies
Onsite
About Jiostar Technologies Private Limited
Jiostar Technologies Private Limited is an Indian technology company delivering enterprise-grade digital transformation solutions. The firm specializes in cloud infrastructure, data analytics, cybersecurity, and AI-driven business applications for telecom, finance, and retail sectors. Its unified platform integrates IoT, edge computing, and API management to streamline operations and enhance customer engagement. Operating from Mumbai and Bengaluru, Jiostar serves large corporations seeking scalable, secure, and compliant technology stacks across India and emerging markets.



