Security Program Manager Full Time NEW

The role acts as the single accountable owner for:

Cloud security posture in customer‑owned Azure environments
Deviation management (e.g., non‑domain‑joined VMSS)
Operating‑model alignment (patching, monitoring, CI/CD, access)
Evidence, visibility, and executive decision support
The role exists to remove friction, ambiguity, and rework in large‑customer security engagements by converting repeated questions into clear positions, guardrails, and auditable programs.

Responsibilities
1. Strategic Customer Security Ownership (Primary)

Own end‑to‑end security conversations for strategic customers
Act as the single-threaded owner across Cloud Ops, DevOps, CPS, Engineering, and Compliance
Translate customer security standards into implementable, testable, and supportable models
Ensure consistent positions across decks, calls, audits, and escalations
2. Cloud Infrastructure & Operating Model Alignment

Own customer discussions around:
VMSS vs VM security equivalence
Non‑domain‑joined deployments
Image‑based enforcement, identity lifecycle, drift handling
Lead definition and validation of:
Patching lifecycle and visibility
Monitoring and telemetry alignment (MDE, Sentinel, customer tools)
Support and escalation RACI in customer‑owned subscriptions
Drive clarity on what Icertis owns vs what the customer owns
3. Deviation, Risk & Exception Management

Own formal risk narratives for deviations from customer standards
(e.g., domain‑join semantics, tooling assumptions)
Coordinate executive‑level risk acceptance with customer CSO teams
Ensure deviations are:
Explicitly documented
Guard‑railed
Time‑bound
Supported by equivalent security outcomes
4. Change Management & Control Governance

Own structured approaches for:
GPO change management
Emergency vs planned enforcement
Impact assessment and rollback logic
Ensure every change has:
Clear ownership
Defined timelines
Evidence and traceability
5. CI/CD, Deployment & Tooling Alignment

Own customer security posture for:
Git runners / CI‑CD execution models
Private Link vs DMZ‑based execution
Network allow‑listing and proxy constraints
Ensure deployment models remain:
Secure
Auditable
Scalable across future releases (not bespoke per customer)
6. Evidence, Visibility & Audit Readiness

Own the evidence model for strategic customers:
Patch visibility
Scan outputs (SAST, SCA, VAPT)
Image lineage and deployment traceability
Convert ad‑hoc evidence requests into repeatable, system‑driven artifacts
Support audits without creating parallel operational processes