Technical Program Manager

  • Location:
    San Jose, California, US
  • Area of Interest
    Engineer - Software
  • Job Type
  • Technology Interest
    Service Provider
  • Job Id

What You'll Do

The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness. The combination of tools, processes, and awareness training introduced during the development lifecycle promotes defense-in-depth, provides a holistic approach to product resiliency, and establishes a culture of security awareness. Cisco SDL applies industry-leading practices and technology to build trustworthy solutions that have fewer field-discovered product security incidents.

In the Technical Program Manager (Security & Compliance) role, you will be responsible for defining, leading and implementing CSDL for the Cisco Mass Scale Infrastructure Group, including but not limited to:

  • Cisco Internal Requirements: Defined by the Cisco Product Security Baseline (PSB)
  • Product Security Requirements
  • 3rd Party Software Security & Vulnerability Testing
  • Tracking
  • Secure Design, Coding and Analysis
  • Vulnerability Testing
  • Threat modeling
  • Cloud Authorization to Operate (CATO), PSIRT, IAP, DPP
  • Market-based Requirements: Outlined by the industry or space to which a product is deployed
  • Common Criteria Certification
  • Cryptographic validation for products containing encryption functionality
  • IPv6 certification
  • Department of Defense (DoD) Unified Capabilities Approved Products List
  • North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP) - Country Compliance (ANSSI)

Responsibilities include:

  • Overall strategy for Trust & Compliance
  • Drive adoption and compliance of Cisco Secure Development Lifecycle (CSDL)
  • Managing projects, setting priorities and measurable objectives, multi-functional dependencies, planning, resourcing, scheduling, communication, implementation, and subsequent monitoring and reporting on the process, progress and results.
  • Ensuring delivery of projects ranging from process to technology implementation to security remediation.
  • Eliciting process development from team partners and iterating delivery of those processes and associated documentation.
  • Developing executive and program communications
  • Partnering with internal teams and the business to define the project requirements and ensure their expectations are met and managed.
  • Manage communication apprising status and issues to team members, management and other project partners.
  • Provide effective program and project management leadership to meet deliverables in a multi-functional resourced environment.
  • Exercise sound management practices and support a collaborative and productive environment.
  • Leverage industry standards such as the NIST framework & CIS Top 20 controls to identify and drive targeted initiatives to improve the risk posture of products and the portfolio across the organization.
  • Drive engagement with both internal partners and external vendors to perform penetration testing of Cisco’s infrastructure
  • Lead metrics and reporting and work with the Security Primes to ensure quarterly security readouts on the risk posture are regularly conducted.
  • Lead automation and drive end-to-end remediation of vulnerabilities reported via existing operating procedures/metrics/dashboards to ensure compliance with corporate security policies and alignment to best practices across industries.
  • Identify & report on metrics that show the benefit & outcomes from the security initiatives and partner with cross-functional teams such as: Security & Trust Organization, Engineering, Global Risk and Compliance (GRC) to continue managing risk

Who You'll Work With

You will collaborate with our global Operations, IT, Engineering and Security & Trust teams to manage the CSDL program and associated compliance initiatives.

Who You Are

  • You are a self-starter with excellent communication, leadership and organization skills and are able to partner with and influence key stakeholders. You are able to implement security framework best practices and coach the broader organization to drive adoption. You have proven experience that enables you to continually identify key security controls and best practices that need to be scaled for the entire organization.
  • Your business acumen and continuous learning mindset will enable you to thrive in the role and achieve impactful outcomes.
  • BS in Computer Science (or a related major) with 8+ years of experience, or MS Computer Science (or a related major) with 6+ years of experience.
  • Relevant experience in working on large programs, coordinating technology/process change and technical projects (Security/IT/CSDL related), involving multiple internal and external teams
  • Industry knowledge of security compliance tools/technology.
  • Familiarity with common audit frameworks and compliance programs (NIST, Cloud Security Alliance, FedRAMP, SOC 2, PCI, ISO 27001, etc.) and Cisco processes and tools, IAP/DPP, PSIRT, TPSD, CIAM
  • Program Management Certifications such as PgMP, PMP and/or Security Industry Certifications such as CISSP, CISM a plus.
  • Effectively (concisely and with accuracy) communicate problems, issues, risks, solutions, etc. both via written and oral methods to appropriate stakeholders and leadership
  • Excellent interpersonal and relationship management skills: ability to influence peers, managers and executives, driving towards a decision while managing ambiguity
  • Flexible, adaptable. Self-starter who learns quickly with minimal supervision
  • Ability to work well with many levels of management as well as technical contributors.
  • Organized and detail-oriented, with a high level of integrity and reliability.

Why Cisco


#WeAreCisco, where each person is unique, but we bring our talents to work as a team and make a difference. Here’s how we do it.

We embrace digital, and help our customers implement change in their digital businesses. Some may think we’re “old” (30 years strong!) and only about hardware, but we’re also a software company. And a security company. A blockchain company. An AI/Machine Learning company. We even invented an intuitive network that adapts, predicts, learns and protects. No other company can do what we do – you can’t put us in a box!

But “Digital Transformation” is an empty buzz phrase without a culture that allows for innovation, creativity, and yes, even failure (if you learn from it.)

Day to day, we focus on the give and take. We give our best, we give our egos a break and we give of ourselves (because giving back is built into our DNA.) We take accountability, we take bold steps, and we take difference to heart. Because without diversity of thought and a commitment to equality for all, there is no moving forward.

So, you have colorful hair? Don’t care. Tattoos? Show off your ink. Like polka dots? That’s cool.