Staff Technical Program Manager - Security & Compliance Programs

Staff Technical Program Manager - Security & Compliance Programs

Seattle, Washington, United States

LVT is redefining how businesses operate in the physical world, moving beyond traditional security solutions to deliver AI-driven, actionable intelligence that makes sites smarter, safer, and more secure. Since pioneering our first mobile, solar-powered units, our commitment to scrappy, hands-on innovation has made us an established leader and one of the fastest-growing companies in intelligent site technology. We are building the next generation of solutions—from our physical units in the field to a powerful Agentic AI platform—that allows our customers to gain unprecedented visibility and control over safety, compliance, and operations. This is your chance to join a cutting-edge team that isn't just watching the world change, but actively building the technology that is changing it.

We're a team that's focused on growth and innovation, and we're proud that our crew, products, and leadership are being recognized for it.

• A Top-Tier Growth Company: Named one of the Financial Times' Fastest Growing Companies 2025 and #10 on the Inc. 5000 Rocky Mountain Regional list for 2025.
• Innovative Leadership: Our CEO, Ryan Porter, was named an EY Entrepreneur of the Year 2025, and our CTO, Steve Lindsey, was inducted into the Silicon Slopes CTO Hall of Fame in 2024.
• Product & Software Excellence: We were named one of The Software Report's Top 100 Software Companies of 2023 and are a winner of the Security Today Govies Award for 2025.

LVT is pursuing government and enterprise markets that demand rigorous security and compliance posture—including FedRAMP authorization, NIST 800-53 alignment, and continuous monitoring at scale. This role is the execution engine for those programs.

As Staff TPM — Security & Compliance Programs, you will own the end-to-end program execution for LVT's most critical security and regulatory initiatives. You will sit at the intersection of Engineering, Security, Cloud Infrastructure, Product, and external compliance stakeholders—translating complex regulatory requirements into engineering-ready roadmaps, driving control implementations, and ensuring LVT's platform is audit-ready, operationally durable, and positioned to serve regulated customers.

This is a builder and executor role in equal measure. You will bring clarity to ambiguity, drive cross-functional alignment without authority, and ensure LVT can move fast in regulated environments without cutting corners. You will report to the Director of Technical Program Management and work in close partnership with the Product and Engineering leaders, Head of Security Engineering, and Cloud Infrastructure leadership.

Role Responsibilities

• Security & Compliance Program Ownership
• Own end-to-end program execution for LVT's FedRAMP authorization effort and related regulatory initiatives (NIST 800-53, SOC 2, CJIS, or equivalent), from readiness assessment through Authorization to Operate (ATO).
• Translate regulatory control frameworks (e.g., NIST 800-53 control families) into actionable engineering backlogs, implementation roadmaps, milestone schedules, and measurable exit criteria.
• Maintain integrated program plans, risk registers, RAID logs, and dependency maps that reflect real-time program health across multiple workstreams.
• Coordinate and improve the end-to-end evidence lifecycle—collection, validation, freshness, and repeatability—partnering with engineering to scale compliance automation and reduce manual burden over time.
• Drive cross-team delivery of control implementations, remediation plans, and release sequencing across Cloud Engineering, Security Engineering, DevOps, and Product teams.
• Cross-Functional Execution & Stakeholder Management
• Serve as the primary execution liaison between Engineering teams and compliance stakeholders (internal audit, external 3PAO assessors, and government agency reviewers), ensuring work is audit-ready and documentation is operationally durable.
• Proactively identify and surface technical dependencies, program risks, and cross-team blockers; drive mitigation strategies before they impact delivery timelines or compliance windows.
• Coordinate integration between security/compliance work and LVT's broader product and infrastructure roadmaps—ensuring compliance is embedded in delivery rather than bolted on.
• Partner with external vendors, 3PAO assessors (e.g., Schellman or equivalent), cloud boundary/ATO providers, and government stakeholders to manage assessment readiness and evidence submission cycles.
• Operational Rigor & Reporting
• Design and maintain lightweight but effective reporting cadences that give executive stakeholders real-time visibility into program health, compliance milestone status, and risk posture—without creating theater.
• Build and maintain program dashboards, status reporting artifacts, and board-level summaries that communicate compliance trajectory, open risks, and remediation velocity in plain language.
• Establish repeatable processes and tooling for evidence collection, continuous monitoring readiness, and audit cycle preparation that reduce per-cycle effort as the program matures.
• Champion a data-driven culture within the security and infrastructure programs—using metrics on control implementation velocity, open findings aging, and remediation SLA adherence to drive accountability.
• Technical Program Management Craft
• Engage credibly with engineering leads on architecture decisions related to cloud infrastructure, identity and access management, vulnerability management, CI/CD controls, observability, and incident response—understanding enough to ask the right questions and sequence the right work.
• Apply modern delivery practices (Agile, iterative milestone planning) to compliance program execution; adapt cadences as the program shifts from readiness to authorization to continuous monitoring.
• Identify and close gaps between LVT's residual application-layer controls, IoT/edge telemetry boundary scoping, and continuous monitoring readiness as relevant to the authorization boundary.
• Contribute to the broader TPM function's operational frameworks, delivery playbooks, and cross-program dependency management as LVT's TPM practice scales.

Our Ideal Candidate

Required Experience & Qualifications

• 8+ years of experience in Technical Program Management or a related engineering execution role.
• 4+ years of hands-on experience leading security, compliance, or infrastructure-focused technical programs—with direct ownership of at least one significant compliance initiative (FedRAMP, NIST 800-53, SOC 2) from planning through completion or authorization.
• Demonstrated ability to translate regulatory control frameworks into engineering roadmaps, backlogs, and actionable milestones with clear exit criteria.
• Experience managing cross-functional programs across distributed engineering teams (cloud, security, DevOps/infrastructure) without direct authority—influencing through credibility, clarity, and relationship.
• Strong familiarity with modern cloud infrastructure delivery: infrastructure-as-code, CI/CD pipelines, identity and access management, vulnerability management, SIEM/CSPM tooling, observability platforms, and incident response processes.
• Experience coordinating with external compliance assessors (3PAOs, auditors, agency liaisons) and managing evidence lifecycle and submission readiness.
• Proven track record of building lightweight but durable operational processes that improve compliance delivery velocity without adding bureaucratic drag.
• Exceptional written and verbal communication skills—ability to translate technical control status into crisp executive narratives and to write clear, unambiguous program documentation suitable for audit review.
• Bachelor's degree in Computer Science, Engineering, Information Systems, or a related technical field; equivalent practical experience accepted.

Strongly Preferred

• Direct experience with FedRAMP authorization pathways, including system security plan (SSP) development, and ATO milestone management.
• Familiarity with compliance automation and evidence tooling: policy-as-code, automated control validation in CI/CD, CSPM outputs, and continuous monitoring dashboards.
• Experience working in IoT, edge computing, or physical security product environments where the authorization boundary includes both cloud and edge/device components.
• Background in or direct exposure to SaaS platform delivery, firmware/embedded programs, or AI/ML systems that require security integration into delivery pipelines.
• Experience engaging with government procurement, agency authorization bodies, or contract manufacturing in regulated contexts.

Who You Are

• You bring order to complexity without becoming the bottleneck—you unblock teams, not slow them down.
• You hold the details and the big picture simultaneously: you can navigate a NIST control family in the morning