Senior Security Technical Program Manager

Box•Redwood City, CA

6d•Hybrid

About The Position

Box (NYSE:BOX) is the leader in Intelligent Content Management. Our platform enables organizations to fuel collaboration, manage the entire content lifecycle, secure critical content, and transform business workflows with enterprise AI. We help companies thrive in the new AI-first era of business. Founded in 2005, Box simplifies work for leading global organizations, including JLL, Morgan Stanley, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. By joining Box, you will have the unique opportunity to continue driving our platform forward. Content powers how we work. It’s the billions of files and information flowing across teams, departments, and key business processes every single day: contracts, invoices, employee records, financials, product specs, marketing assets, and more. Our mission is to bring intelligence to the world of content management and empower our customers to completely transform workflows across their organizations. With the combination of AI and enterprise content, the opportunity has never been greater to transform how the world works together and at Box you will be on the front lines of this massive shift. At Box, our mission is to power how the world works together. To earn and keep customer trust, we must ship products that are secure, private, and compliant—without slowing innovation. We’re looking for a Senior Security Technical Program Manager, Product Risk to lead our Security, Legal, and Compliance (SLC) program across external-facing products. In this role, you’ll embed SLC requirements into product strategies and roadmaps, scale efficient review processes, and deliver clear, data-driven insights that guide executive decisions. You’ll partner with Product, Engineering, Security, Legal, and Compliance to streamline launch reviews, reduce cycle times, and operationalize governance that enables growth while protecting customers and Box.

Requirements

5+ years of program/project management in security, product security, or engineering, partnering closely with software engineering and product teams.
Proven experience building and running cross-functional review programs uniting Security, Legal, and Compliance for product/feature launches.
Demonstrated ability to operationalize SLC processes integrated into product development lifecycles, with clear intake, triage, routing, and approvals.
Strong process design and optimization skills, including defining SLAs and implementing Jira-based automations for cross-functional workflows.
Excellent communicator who can translate security, legal, and compliance requirements for technical and non-technical audiences and drive consensus.
Influences without direct authority; adept at stakeholder management across product, engineering, and risk functions.
Analytical and data-driven, with experience building dashboards and using metrics to inform governance and investment decisions.
Proficient with Jira, Confluence, Slack, and collaboration tools; experience maintaining centralized knowledge bases and enablement materials

Nice To Haves

Experience in SaaS/technology; familiarity with privacy, IP, AI risk, or regulatory compliance; Agile/Scrum background; relevant certifications (e.g., CISSP, CCSK, PMP).

Responsibilities

Design and evolve portfolio-level SLC governance, prioritization, and decision frameworks grounded in metrics and SLAs.
Build and run end-to-end SLC workflows (intake, triage, routing, approvals, risk sign-off) aligned to agile/CI-CD release cycles.
Drive cross-functional execution: manage escalations, unblock dependencies, and maintain clear visibility on status, risks, and outcomes.
Develop, maintain, and present SLC dashboards (e.g., throughput, cycle time, backlog health, risk trends) to stakeholders and executives.
Identify bottlenecks and implement process improvements and Jira automations (workflows, forms, routing rules, notifications).
Establish operating rhythms and facilitate effective forums that drive accountability and timely closure of action items.
Create and maintain training, enablement, and knowledge base content; deliver sessions tailored to product, engineering, and SLC audiences.
Serve as primary point of contact for SLC stakeholders, ensuring consistent, timely communication via Slack, Confluence, and other tools.

Benefits

Box lives its values, with community and in-person collaboration being a core part of our culture. Boxers are expected to work from their assigned office a minimum of 3 days per week.
Box makes reasonable accommodations for applicants with disabilities.
Box is committed to fair and equitable compensation practices.
This role is also eligible for equity and benefits. For more information on benefits, check out our healthcare benefits and additional Box Benefits + Perks.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume