Senior Technical Program Manager

About Us

We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience.

Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact. Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you.

Working Location

This role is a remote position, you must be based out of one of the following states: California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Rhode Island, South Carolina, South Dakota, Texas, Utah, Virginia, Washington, or Washington, D.C.

Job Summary

We're looking for a Senior Technical Program Manager to own product operations and our security compliance program as we scale our AI-powered estate advisory platform. As our first hire in this role, you'll build the operational backbone that lets us ship reliably while maintaining the trust of customers who depend on us with their most sensitive financial and estate planning data.

You'll own two critical areas: First, product operations—strategic planning, driving roadmap work and communication, release management, and operational metrics across our engineering organization. Second, security compliance and customer trust—managing our SOC 2 program, managing audits, coordinating security reviews, and enabling our enterprise sales motion through customer-facing security conversations and documentation.

This means you'll spend your time coordinating complex technical initiatives, running our SOC 2 audit cycles, building operational processes that scale, responding to enterprise security questionnaires, and translating between engineering teams, auditors, customers, and leadership. You'll work directly with the CTO, Chief Legal Officer, Security Engineer, and Revenue teams to make compliance and operations strategic advantages rather than overhead.

This role is ideal for someone who thrives at the intersection of technical program management and compliance, enjoys building foundational programs from scratch, and wants high-impact visibility at a Series B company where operational excellence and customer trust are competitive differentiators.

Responsibilities:

Product Operations & Release Management

• Own strategic planning process for monthly, quarterly, and annual plans

• Own end-to-end release management process across engineering teams

• Establish and maintain operational metrics, SLAs, and service health dashboards

• Coordinate cross-functional delivery of major features and infrastructure initiatives

• Manage technical debt prioritization and platform stability roadmap

• Own change management processes and deployment risk assessment

• Coordinate dependencies across AI/ML, backend, and infrastructure teams

Security Compliance Program Management (SOC 2 Focus)

• Lead SOC 2 Type II audit preparation and controls, evidence collection, and remediation

• Maintain compliance documentation, control matrices, and policy frameworks

• Coordinate with Security, Engineering, and Legal on control implementation

• Manage vendor security assessments and third-party risk management

• Track and close audit findings and continuous monitoring requirements

• Build automation for audit evidence collection and reporting

• Prepare for additional frameworks as needed (ISO 27001, GDPR, state privacy laws)

• Collaborate with our Legal team on information security policies and employee training programs

Customer Security & Trust

• Lead customer security questionnaire and RFP response process

• Coordinate customer security reviews and penetration test reports

• Build and manage Trust Center and public-facing security documentation

• Support enterprise sales with technical security discussions

• Build customer-facing compliance artifacts (security whitepapers, certifications)

• Act as liaison between customers, sales, and engineering on security requirements

Program & Stakeholder Management

• Translate business requirements into technical programs with clear milestones

• Run executive-level program reviews and status reporting

• Identify risks, dependencies, and blockers across initiatives

• Build relationships with external auditors, consultants, and compliance partners

• Drive process improvements and operational maturity

Key Requirements:

Must Have:

• 5-7+ years in technical program management, product operations, or engineering roles

• Proven track record running multi-team technical initiatives from 0→1

• Experience with planning, release management, incident response, and operational metrics

• Strong understanding of cloud infrastructure and software development lifecycle

• Ability to translate technical concepts for executive and customer audiences

• Experience working in fast-paced startup or scale-up environments

Compliance & Security:

• Exposure to SOC 2 Type II audit management (planning through attestation)

• Understanding of data privacy regulations (CCPA, HIPAA helpful)

• Experience with GRC tools (Vanta, Drata, Secureframe, or similar)

• Vendor risk management and security questionnaire processes

Technical Depth:

• Sufficient technical background to discuss architecture, APIs, and infrastructure

• Understanding of CI/CD pipelines and deployment strategies

• Bonus: Familiarity with AI/ML systems and LLM security considerations

Stakeholder Management:

• Experience presenting to C-suite and board on compliance posture

• Customer-facing experience supporting enterprise sales cycles

• Proven ability to influence without direct authority

Nice to Have:

• Experience in fintech, healthtech, or regulated industries

• Prior experience at Series B-D companies scaling security compliance programs

Benefits:

• Flexible paid time off policy and 10 company-wide paid holidays

• Parental leave, 4 weeks for all full-time employees and up to 12 weeks for birthing parents

• Medical, dental, and vision benefits coverage for employees and their families

• 401K eligibility after one month of employment

• Budget for learning & development and home office setup

• Paid parking or transit for hybrid and in office employees

The salary range for this role is $170,000 to $190,000. Our compensation packages also include a performance based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience.

Benefits:

• Flexible paid time off policy and 10 company-wide paid holidays 

• Parental leave, 4 weeks for all full-time employees and up to 12 weeks for birthing parents

• Medical, dental, and vision benefits coverage for employees and their families 

• 401K eligibility after one month of employment

• Free estate planning documents

• Budget for learning & development and home office setup 

• Paid parking or transit for hybrid and in office employees 

Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.