Technical Program Manager
Taskrabbit is a marketplace platform that conveniently connects people with Taskers to handle everyday home to-do’s, such as furniture assembly, handyman work, moving help, and much more.
At Taskrabbit, we want to transform lives one task at a time. As a company we celebrate innovation, inclusion and hard work. Our culture is collaborative, pragmatic, and fast-paced. We’re looking for talented, entrepreneurially minded and data-driven people who also have a passion for helping people do what they love. Together with IKEA, we’re creating more opportunities for people to earn a consistent, meaningful income on their own terms by building lasting relationships with clients in communities around the world.
Taskrabbit is a hybrid company with employees distributed across the US and EU, and has been named to Built In's Best Places to Work (2022, 2023, 2024), continually ranked across multiple national and regional categories. Join us at Taskrabbit, where your work will be meaningful, your ideas valued, and your potential unleashed!
About the Role
Taskrabbit is maturing its engineering organization toward a scalable, secure, and compliant environment, anchored on three programs: Oncall Modernization, Cloud Infrastructure Modernization, and CIS IG1 compliance. Today, the operational "process tail" of these programs (audit evidence gathering, cross-departmental coordination, policy rollout, vulnerability SLA enforcement, and periodic reviews) is absorbed by our most senior technical talent. This is our first dedicated Infrastructure & Security TPM.
This role owns the program layer so our ICs and Engineering Managers can refocus on implementation, advisory, review, and architecture. You will drive CIS IG1 to sustained compliance, lead its expansion from engineering to the entire company, and build the foundation for IG2 and IG3. You will be the "air traffic controller" for security and infrastructure requests.
This is a high-visibility, foundational role with a direct mandate to build durable processes from the ground up. You will report to the Director of TPM and partner daily with our infrastructure and security leadership.
Responsibilities
- Own the end-to-end CIS IG1 program: intake, evidence collection, SLA enforcement, and periodic review cycles across all 18 control families
- Expand CIS controls from local engineering teams to the entire company, and build the roadmap for IG2 and IG3
- Maintain the CIS Crosswalk Tracker as a living record of audit readiness and control status
- Translate technical controls into actionable Jira workflows and enforceable remediation SLAs
- Manage the annual external Penetration Test program and track remediation of findings to closure
- Design and operate a centralized intake process for security and infrastructure requests, ensuring engineers work only on vetted, prioritized work
- Standardize access-granting workflows for new hires, role changes, and tool requests—with full audit trails
- Establish and enforce SLAs for vulnerability remediation, PR reviews, and ticket response; report compliance to leadership
- Serve as the primary interface between Engineering, Security, Legal, Finance, IT, and Procurement for security-related programs, vendor reviews, and audits
- Negotiate infrastructure and security work into team sprints; manage GIVE/GET dependency tracking with Engineering Directors
- Drive policy approvals and company-wide rollouts (e.g., Data Management, Secure Configuration, Access Control) from draft to operationalized and signed-off
- Operationalize recurring compliance work: quarterly access reviews, monthly vulnerability triage, bi-annual asset inventory updates, annual vendor reassessments, and tabletop BCP exercises
- Build and maintain dashboards and automated evidence pipelines to reduce manual compliance chores
- Report security posture, key metrics, and a "Security Score" to senior leadership in clear, business-readable terms
- Lead the BCP program: standardize templates, schedule tabletop exercises, document results, and drive remediation into engineering sprints
- Scale vulnerability management from local triage to a company-wide SLA-driven program using Wiz, HackerOne, and Jira
- Own the SLA—chasing teams to close critical findings within 7 days and reporting Days-to-Patch to leadership
- Manage the phishing response playbook and incident post-mortem process; ensure P0/P1 action items land in sprint
- Engineering Director, Infrastructure & Security
- Senior Manager, Cloud Infrastructure
- Security Manager
- Infosec/Security team ICs
- Other TPMs
- Engineering Managers and ICs across Cloud Infrastructure and SRE
- Legal (data retention, SOC2/vendor reviews), Finance (security budget), IT (endpoint and asset coverage, Okta), Procurement, and the Data Lead (PII inventory and retention)
- Senior Engineering and Product leadership (risk and metrics reporting)
- 3+ years of technical program management in an infrastructure, security, SRE, or compliance environment
- Demonstrated ability to translate security controls (e.g., CIS, SOC2) into actionable Jira workflows, SLAs, and repeatable operational processes
- Proven track record driving company-wide, cross-departmental initiatives through to completion—including securing stakeholder sign-offs and managing organizational resistance
- Experience operationalizing run-the-business processes: access reviews, vulnerability remediation tracking, audit evidence collection, and periodic compliance reviews
- Sufficient technical depth in cloud infrastructure, SRE, and infosec to coordinate credibly with engineers and translate findings for non-technical leaders
- Strong executive communication skills—able to synthesize technical risk into a business-readable security score and status report
- End-to-end program ownership: from intake governance and dependency tracking through leadership reporting
Nice to Have
- Familiarity with CIS Controls v8.1 and the IG1/IG2/IG3 framework
- Hands-on exposure to tools in our stack: Wiz, HackerOne, CrowdStrike, Datadog, Okta, JAMF, or KnowBe4
- Experience supporting SOC2 or PCI audits
- Jira workflow and dashboard configuration experience
- Background in GRC (Governance, Risk, and Compliance) or security program management
- Experience working in an organization operating under a parent- or partner-company compliance context
- ICs and Engineering Managers have measurably less coordination toil—30-40% of their program overhead returned to implementation and advisory work
- CIS IG1 sustained at or near 100% with automated evidence pipelines, expanded beyond engineering to all departments
- Centralized intake and governance live; SLAs for vulnerability remediation and request response published and enforced
- At least one full periodic review cycle (quarterly access review or monthly vulnerability triage) fully operationalized with documented evidence within 90 days
- BCP program established and validated via tabletop exercise within the first year
- Leadership receives a clear, consistent security score and metrics report; technical risk is legible to the SLT
- A credible roadmap for CIS IG2/IG3 underway within one year
Compensation & Benefits
At Taskrabbit, our approach to compensation is designed to be competitive, transparent and equitable. Total compensation consists of base pay + annual bonus + benefits + perks. The base pay range for this position is $87,000 - $120,000. This range is representative of base pay only, and does not include any other total cash compensation amounts, such as company bonus or benefits. Final offer amounts may vary from the amounts listed above, and will be determined by factors including, but not limited to, relevant experience, qualifications, geography, and level.
- Taskrabbit is a Hybrid Company. We value flexibility and choice but also stay committed to regular in-person connection.
- The People. You will be surrounded by some of the most talented, supportive, smart, and kind leaders and teams -- people you can be proud to work with!
- The Diverse Culture. We believe that we make better decisions when our workforce reflects the diversity of the communities in which we operate. Women make up half of our leadership team and our diversity representation is above that of the tech industry average.
- The Perks. Taskrabbit offers our employees employer-paid health insurance and a 401k match with immediate vesting for our US-based employees. We offer all of our global employees generous and flexible time off with 2 company-wide closure weeks, Taskrabbit product stipends, wellness + productivity + education stipends, IKEA discounts, reproductive health support, and more. Benefits vary by country of employment.
An Active Commitment to Equity within our Company and Platform. We are an inclusive community where all who share our mission and values belong. Our diverse team represents the communities we serve, breaking down systemic barriers, and transforming lives, one action at a time.
Taskrabbit is an equal opportunity employer and values diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, ancestry, citizenship, sex, gender, gender identity, sexual orientation, age, marital status, military/veteran status, or disability status. Taskrabbit is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.
Taskrabbit will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.
Listing Details
- Posted: June 16, 2026
- First seen: June 17, 2026
- Last seen: June 19, 2026