Technical Program Manager II, Risk and Controls Strategy, CISO
- linkCopy link
- emailEmail a friend
Minimum qualifications:
- Bachelor's degree in a technical field, or equivalent practical experience.
- 2 years of experience in program management.
- Experience in cloud risk, security controls, and compliance controls testing.
- Experience with control frameworks, specifically NIST 800-53/FedRAMP and CSA-CCM.
Preferred qualifications:
- 2 years of experience managing cross-functional or cross-team projects.
- Experience as a Security Analyst, specifically in vulnerability management, detection, or incident response.
- Experience in a consulting capacity or large-scale enterprise control governance.
- Experience with SQL and dashboarding, with the ability to manage data quality and taxonomy cleanup within a GRC system.
- Understanding of Cloud Infrastructure and specific Cloud service offerings.
- Ability to translate complex regulatory requirements into technical requirements for engineering teams.
About the job
A problem isn’t truly solved until it’s solved for all. That’s why Googlers build products that help create opportunities for everyone, whether down the street or across the globe. As a Technical Program Manager at Google, you’ll use your technical expertise to lead complex, multi-disciplinary projects from start to finish. You’ll work with stakeholders to plan requirements, identify risks, manage project schedules, and communicate clearly with cross-functional partners across the company. You're equally comfortable explaining your team's analyses and recommendations to executives as you are discussing the technical tradeoffs in product development with engineers.
The Cloud Controls Oversight (CCO) team is the strategic engine driving the evolution of Google Cloud's risk landscape from reactive monitoring to a proactive, engineering-driven assurance model. As a central control authority, we are re-architecting the control environment at a massive scale, moving beyond traditional compliance to build a sustainable and transparent ecosystem. You will play a pivotal role in this transformation, helping to shift the organization toward a data-driven future where risks are identified and mitigated before they impact the business.
In this role, you will leverage deep domain expertise and AI-driven automation to harmonize standards and eliminate operational complexity across the organization. You will deliver high-impact, actionable insights through the new control reports, utilizing advanced key control indicators to detect early warning signals of control degradation.
In this role, you will empower global teams with granular, data-driven clarity to drive adoption and effectiveness across the control lifecycle. By facilitating root cause analysis and monitoring remediation efforts, you will enforce operational accountability and ensure Google Cloud meets its regulatory commitments.
Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.
Responsibilities
- Establish and govern the Cloud Controls strategy, using industry-leading frameworks (e.g., NIST SP 800-53) to standardize control adoption and maintain the centralized Governance, Risk, and Compliance (GRC) platform.
- Drive the end-to-end control reporting lifecycle, translating complex risk data into high-impact, actionable insights that influence business strategy and decision-making.
- Be a key driver in engineering organizational resilience by leading Root Cause Analysis (RCA) and accelerating critical risk remediation efforts across different product teams.
- Implement and scale AI-driven automation for controls monitoring, harmonizing control definitions and delivering a unified 'single pane of glass' for real-time risk visibility.
- Serve as a trusted strategic advisor to senior Subject Matter Experts and compliance/risk leadership, leveraging data-driven clarity to accelerate control adoption and enhance the security posture across Google Cloud.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.