Zoox is seeking an Information Security Governance Technical Program Manager who will be responsible for keeping progress and momentum of the Information Security program; helping to maintain the security of our customers, staff, systems, communications, and data.

The Governance Technical Program Manager will be responsible for day-to-day management of the Governance and Cybersecurity programs, and will serve as a liaison between other TPMs throughout the organization and the Information Security team.

The Governance TPM plans, coordinates, and manages the actions taken by other teams to acquire and execute specific tasks. This may occasionally include capture and proposal work in support of the task area. Maintaining close communication with other TPMs, the Governance TPM will update the Governance team on the status of committed work by other teams to remediate risks or improve security posture in order to help prioritize resources and complete risk reduction activities.


  • Support the development of Company level documentation to include but not limited to users guides, policy guides, change management plans, lexicons, process maps, training plans, system administration documents, templates, reports, dashboards, policies, procedures, and strategic planning documents
  • Facilitate discussions among stakeholders throughout the Company to identify business requirements, document the requirements and submit those requirements to the responsible parties for evaluation and implementation
  • Recommend change requests when gaps, areas of improvement, or new requirements are identified by the Governance Analysts and Specialists
  • Participate in oversight and evaluation of application change requests and advice on the impacts of doing such changes


  • 5+ years of relevant experience in Technical Program Management
  • 3+ years of experience in GRC or Information Security Program Management
  • Experience and strong comprehension of information security frameworks such as NIST 800-53, NIST-CSF and ISO 27001, and CIS controls
  • Possess strong of comprehension of security and risk
  • Knowledge and experience with SOC2 and the Trust Service Criteria assessments
  • Familiarity with GRC tools
  • Experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
Vaccine Mandate

Employees working in this position will be required to be fully vaccinated against the COVID-19 virus. An applicant is considered fully vaccinated two weeks after their second dose in a 2-dose series, such as the Pfizer or Moderna vaccines, or two weeks after a single-dose vaccine, such as Johnson & Johnson’s Janssen vaccine. Applicants will be required to show proof of vaccination status upon receipt of a conditional offer of employment. That offer of employment will be conditioned upon, among other things, an Applicant’s ability to show proof of vaccination status. Please note the Company provides reasonable accommodations in accordance with applicable state, federal and local laws.

About Zoox

Zoox is developing the first ground-up, fully autonomous vehicle fleet and the supporting ecosystem required to bring this technology to market. Sitting at the intersection of robotics, machine learning, and design, Zoox aims to provide the next generation of mobility-as-a-service in urban environments. We’re looking for top talent that shares our passion and wants to be part of a fast-moving and highly execution-oriented team.

A Final Note:
You do not need to match every listed expectation to apply for this position. Here at Zoox, we know that diverse perspectives foster the innovation we need to be successful, and we are committed to building a team that encompasses a variety of backgrounds, experiences, and skills.