Technical Program Manager

San Francisco, California, United States

About Taskrabbit:

Taskrabbit is a marketplace platform that conveniently connects people with Taskers to handle everyday home to-do’s, such as furniture assembly, handyman work, moving help, and much more.

At Taskrabbit, we want to transform lives one task at a time. As a company we celebrate innovation, inclusion and hard work. Our culture is collaborative, pragmatic, and fast-paced. We’re looking for talented, entrepreneurially minded and data-driven people who also have a passion for helping people do what they love. Together with IKEA, we’re creating more opportunities for people to earn a consistent, meaningful income on their own terms by building lasting relationships with clients in communities around the world.

Taskrabbit is a hybrid company with employees distributed across the US and EU, and a Built In Best Places to Work company (2022, 2023, 2024, 2025), continually ranked across multiple national and regional categories. Join us at Taskrabbit, where your work will be meaningful, your ideas valued, and your potential unleashed!

About the Role

Taskrabbit is maturing its engineering organization toward a scalable, secure, and compliant environment, anchored on three programs: Oncall Modernization, Cloud Infrastructure Modernization, and CIS IG1 compliance. Today, the operational "process tail" of these programs (audit evidence gathering, cross-departmental coordination, policy rollout, vulnerability SLA enforcement, and periodic reviews) is absorbed by our most senior technical talent. This is our first dedicated Infrastructure & Security TPM.

This role owns the program layer so our ICs and Engineering Managers can refocus on implementation, advisory, review, and architecture. You will drive CIS IG1 to sustained compliance, lead its expansion from engineering to the entire company, and build the foundation for IG2 and IG3. You will be the "air traffic controller" for security and infrastructure requests.

This is a high-visibility, foundational role with a direct mandate to build durable processes from the ground up. You will report to the Director of TPM and partner daily with our infrastructure and security leadership.

What You'll Do

Compliance & Security Program Ownership

  • Own the end-to-end CIS IG1 program: intake, evidence collection, SLA enforcement, and periodic review cycles across all 18 control families
  • Expand CIS controls from local engineering teams to the entire company, and build the roadmap for IG2 and IG3
  • Maintain the CIS Crosswalk Tracker as a living record of audit readiness and control status
  • Translate technical controls into actionable Jira workflows and enforceable remediation SLAs
  • Manage the annual external Penetration Test program and track remediation of findings to closure

Governance & Intake

  • Design and operate a centralized intake process for security and infrastructure requests, ensuring engineers work only on vetted, prioritized work
  • Standardize access-granting workflows for new hires, role changes, and tool requests—with full audit trails
  • Establish and enforce SLAs for vulnerability remediation, PR reviews, and ticket response; report compliance to leadership

Stakeholder & Cross-Functional Orchestration

  • Serve as the primary interface between Engineering, Security, Legal, Finance, IT, and Procurement for security-related programs, vendor reviews, and audits
  • Negotiate infrastructure and security work into team sprints; manage GIVE/GET dependency tracking with Engineering Directors
  • Drive policy approvals and company-wide rollouts (e.g., Data Management, Secure Configuration, Access Control) from draft to operationalized and signed-off

Operational Excellence (Run the Business)

  • Operationalize recurring compliance work: quarterly access reviews, monthly vulnerability triage, bi-annual asset inventory updates, annual vendor reassessments, and tabletop BCP exercises
  • Build and maintain dashboards and automated evidence pipelines to reduce manual compliance chores
  • Report security posture, key metrics, and a "Security Score" to senior leadership in clear, business-readable terms
  • Lead the BCP program: standardize templates, schedule tabletop exercises, document results, and drive remediation into engineering sprints

Incident & Vulnerability Program Management

  • Scale vulnerability management from local triage to a company-wide SLA-driven program using Wiz, HackerOne, and Jira
  • Own the SLA—chasing teams to close critical findings within 7 days and reporting Days-to-Patch to leadership
  • Manage the phishing response playbook and incident post-mortem process; ensure P0/P1 action items land in sprint

Who You'll Work With

  • Engineering Director, Infrastructure & Security
  • Senior Manager, Cloud Infrastructure
  • Security Manager 
  • Infosec/Security team ICs
  • Other TPMs
  • Engineering Managers and ICs across Cloud Infrastructure and SRE
  • Legal (data retention, SOC2/vendor reviews), Finance (security budget), IT (endpoint and asset coverage, Okta), Procurement, and the Data Lead (PII inventory and retention)
  • Senior Engineering and Product leadership (risk and metrics reporting)

What We're Looking For

Required Experience

  • 3+ years of technical program management in an infrastructure, security, SRE, or compliance environment
  • Demonstrated ability to translate security controls (e.g., CIS, SOC2) into actionable Jira workflows, SLAs, and repeatable operational processes
  • Proven track record driving company-wide, cross-departmental initiatives through to completion—including securing stakeholder sign-offs and managing organizational resistance
  • Experience operationalizing run-the-business processes: access reviews, vulnerability remediation tracking, audit evidence collection, and periodic compliance reviews
  • Sufficient technical depth in cloud infrastructure, SRE, and infosec to coordinate credibly with engineers and translate findings for non-technical leaders
  • Strong executive communication skills—able to synthesize technical risk into a business-readable security score and status report
  • End-to-end program ownership: from intake governance and dependency tracking through leadership reporting

Nice to Haves

  • Familiarity with CIS Controls v8.1 and the IG1/IG2/IG3 framework
  • Hands-on exposure to tools in our stack: Wiz, HackerOne, CrowdStrike, Datadog, Okta, JAMF, or KnowBe4
  • Experience supporting SOC2 or PCI audits
  • Jira workflow and dashboard configuration experience
  • Background in GRC (Governance, Risk, and Compliance) or security program management
  • Experience working in an organization operating under a parent- or partner-company compliance context

What Success Looks Like

  • ICs and Engineering Managers have measurably less coordination toil—30-40% of their program overhead returned to implementation and advisory work
  • CIS IG1 sustained at or near 100% with automated evidence pipelines, expanded beyond engineering to all departments
  • Centralized intake and governance live; SLAs for vulnerability remediation and request response published and enforced
  • At least one full periodic review cycle (quarterly access review or monthly vulnerability triage) fully operationalized with documented evidence within 90 days
  • BCP program established and validated via tabletop exercise within the first year
  • Leadership receives a clear, consistent security score and metrics report; technical risk is legible to the SLT
  • A credible roadmap for CIS IG2/IG3 underway within one year

Compensation & Benefits

At Taskrabbit, our approach to compensation is designed to be competitive, transparent and equitable. Total compensation consists of base pay + annual bonus + benefits + perks. The base pay range for this position is $87,000 - $120,000. This range is representative of base pay only, and does not include any other total cash compensation amounts, such as company bonus or benefits. Final offer amounts may vary from the amounts listed above, and will be determined by factors including, but not limited to, relevant experience, qualifications, geography, and level.

You’ll love working here because:

  • Taskrabbit is a Hybrid Company. We value flexibility and choice but also stay committed to regular in-person connection.
  • The People. You will be surrounded by some of the most talented, supportive, smart, and kind leaders and teams -- people you can be proud to work with!
  • The Diverse Culture. We believe that we make better decisions when our workforce reflects the diversity of the communities in which we operate. Women make up half of our leadership team and our diversity representation is above that of the tech industry average.
  • The Perks. Taskrabbit offers our employees employer-paid health insurance and a 401k match with immediate vesting for our US-based employees. We offer all of our global employees generous and flexible time off with 2 company-wide closure weeks, Taskrabbit product stipends, wellness + productivity + education stipends, IKEA discounts, reproductive health support, and more. Benefits vary by country of employment.

Taskrabbit’s commitment to Diversity and Inclusion:

An Active Commitment to Equity within our Company and Platform. We are an inclusive community where all who share our mission and values belong. Our diverse team represents the communities we serve, breaking down systemic barriers, and transforming lives, one action at a time.

Taskrabbit is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, ancestry, citizenship, sex, gender, gender identity, sexual orientation, age, marital status, military/veteran status, or disability status. Taskrabbit is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. 

Taskrabbit will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law. 
