Lead Technical Program Manager, Information Security Management System

Comprehensive Benefits Package at Google

In accordance with Washington state law, Google offers a comprehensive benefits package to all eligible US-based employees. Benefits for this role include health, dental, vision, life, and disability insurance. Retirement benefits include a 401(k) with company match. Paid Time Off includes 20 days of vacation per year (accruing at 6.15 hours per pay period for the first five years), 40 hours/year of sick time (statutory), 5 days/event (discretionary), 28-30 weeks of Maternity Leave (Short-Term Disability + Baby Bonding), 18 weeks of Baby Bonding Leave, and 13 paid holidays per year.

You will have an opportunity to share your preferred working location from the following: New York, NY, USA; Austin, TX, USA; Sunnyvale, CA, USA; Washington D.C., DC, USA.

About the Role and Impact at Google

At Google, we believe a problem is truly solved only when it’s solved for all. As a Technical Program Manager, you’ll leverage your technical expertise to lead intricate, multi-disciplinary projects from inception to completion. This involves collaborating with stakeholders to define requirements, identify risks, manage project timelines, and ensure clear communication with cross-functional partners across the company. You will be adept at presenting analyses and recommendations to executives while also engaging in detailed technical discussions with engineers about product development trade-offs.

Google’s Information Security Management System (ISMS) and common controls serve as the fundamental framework enabling over 400 products to meet compliance obligations for critical regulations and standards. This Lead Technical Program Manager, Information Security Management System position presents a unique opportunity to re-imagine the security compliance function from the ground up, establishing a scalable, data-driven, and AI-enabled model, while also ensuring all immediate obligations are met consistently and efficiently.

Key Responsibilities as Lead Technical Program Manager, Information Security Management System

As the Lead Technical Program Manager, you will act as the primary liaison between our centralized compliance function and Google’s extensive ecosystem of Product Areas, including Search, YouTube, Android, and Cloud. Given that a significant portion of our compliance posture relies on federated people, processes, and technologies across more than 400 products, your role will involve designing and implementing engagement frameworks, governance structures, and accountability models necessary to scale compliance across these diverse environments. This requires a distinctive combination of deep technical security acumen and exceptional executive influencing skills to foster alignment and accountability even without direct authority.

• Establish clear responsibility and accountability models for federated controls across Google's product areas.
• Drive the structure and execution of continuous, cross-functional engagement with product area leaders, acting as the central compliance ambassador to integrate ISMS requirements seamlessly into engineering roadmaps.
• Partner with security and engineering teams to ensure local controls meet regulatory standards (e.g., ISO, SOC, NIS2).
• Guide product areas through complex audit preparations, facilitate evidence collection, and help defend federated implementations to external auditors.
• Collaborate closely with local risk teams to identify synergies, converge redundant efforts, and amplify a unified approach to product area security risk and compliance reporting, thereby reducing friction for engineering teams.
• Leverage your technical background to deeply understand team architectures and operations, translating central compliance and regulatory mandates into practical, engineer-friendly technical requirements.

Minimum Qualifications

• Bachelor's degree in a technical field, or equivalent practical experience.
• 8 years of experience in technical program management, managing cross-functional engineering or security programs.

Preferred Qualifications

• Experience mapping complex regulatory requirements to technical implementations in modern software development and infrastructure environments.
• Experience managing compliance or GRC frameworks (e.g., ISO 27001, SOC2, NIS2) across a large and federated product portfolio.
• Understanding of information security principles, cloud architectures, and enterprise control frameworks.
• Track record of driving large-scale, cross-organizational initiatives, defining governance structures, and establishing accountability models in a federated or matrixed corporate environment.
• Exceptional executive presence and influencing skills, with the ability to negotiate, untangle complex organizational problems, and drive alignment with executive engineering leaders (Director/VP level) without direct reporting lines.

Key skills/competency

• Information Security Management System (ISMS)
• Regulatory Compliance (ISO 27001, SOC2, NIS2)
• Technical Program Management
• Cross-functional Leadership
• Governance, Risk, and Compliance (GRC)
• Cloud Architectures
• Security Principles
• Audit Management
• Stakeholder Management
• Executive Communication