Job Description
Program Manager (Security Program)
Location: Charlotte, NC (Hybrid)
Duration: 12 Months
Pay: $55-65/hr W2
W2 ONLY, NO C2C
Overview:
We are seeking a highly organized, detail-oriented Program Manager to oversee the execution, governance, and quality of our Third-Party Penetration Testing Program. This role focuses heavily on remediation validation, coordination of penetration testing engagements, and high-quality reporting throughout the engagement lifecycle. You will partner closely with engineering, security teams, external vendors, and leadership stakeholders to drive timely remediation and maintain a strong security posture.
What You’ll Do:
Remediation Validation & Tracking (Primary Focus)
- Serve as the central owner of the remediation validation process across all third-party and internal penetration test findings.
- Create, assign, and manage Jira validation tickets to ensure every finding is properly tracked through closure.
- Oversee the full validation lifecycle: monitoring progress, identifying blockers, escalating delays, and driving timely completion.
- Collaborate with remediation owners to clarify requirements, ensure evidence quality, and verify reproducibility of fixes.
- Provide recurring updates to leadership on validation status, overdue items, systemic risks, and cross-team remediation performance.
- Ensure closure documentation is complete, accurate, and compliant with program standards.
Penetration Test Engagement Management
- Manage third-party penetration testing engagements from initiation to closure.
- Lead scoping sessions to define test objectives, environment requirements, and timelines.
- Coordinate tester onboarding, including account creation, access provisioning, and environment preparation.
- Track communication during active testing, resolving issues as they arise and ensuring smooth execution.
- Host debrief sessions with testers and internal teams to confirm understanding of findings and remediation expectations.
Reporting & Documentation
- Receive, review, and process penetration test reports from third-party vendors.
- Enter validated findings into the Security Findings Tracking Tool (SFTT) or designated platforms.
- Ensure consistent, accurate, and complete documentation of findings, severity ratings, and business impact.
Report Quality Assurance
- Assign test reports to QA reviewers and oversee QA workflow management.
- Monitor QA-related Jira tickets to ensure timely review, escalation, and closure.
- Validate that reports meet program standards for clarity, reproducibility, completeness, and quality.
- Collaborate with testers and internal stakeholders to address inconsistencies, request revisions, and maintain quality controls.
Monthly Reporting & Metrics
- Run and distribute monthly penetration testing and remediation metrics reports.
- Summarize key insights including testing volume, findings trends, and remediation progress.
- Maintain consistent reporting archives and support leadership with data-driven insights.
Continuous Improvement
- Identify opportunities to enhance program workflows, templates, validation standards, and operational processes.
- Analyze recurring issues and trends to drive process improvements and reduce risk exposure.
- Support audits, compliance reviews, and other internal governance initiatives related to penetration testing.
What You Bring:
- Experience in security program management, penetration testing operations, or vulnerability management.
- Strong familiarity with Jira or similar workflow/tracking systems.
- Excellent communication and coordination skills across engineering, security, and vendor teams.
- Strong organizational skills, attention to detail, and ability to drive accountability and consistency.
- Understanding of offensive security concepts and industry standards (e.g., OWASP, NIST).