Sr. Technical Program Manager — Engineering Security & AI Governance

Program Manager, Engineering
in Sao Paulo, Brazil

About the Role

Uber's Engineering Security organization runs several high-volume, high-judgment programs: design-time AI security and privacy reviews, a security champions network, AI red teaming, AI agent governance, and the standards that define how AI is built and used inside the company.

We're hiring a Sr. TPM to operate across these programs, raise the bar on execution, and scale them through automation.

This role exists because these programs intersect in ways no single workstream owns. A red team finding should sharpen the next design review. A new guardrail should be measured for both security value and developer friction. A standard should be written so the people who must apply it can actually apply it. Connecting these threads and turning that visibility into measurable improvements is the core of the job.

You'll work in an AI-native environment. We've built internal agents that handle routine triage, assignment, and reporting. You'll be expected to use them daily, identify where they can be extended, and partner with engineering to keep them accurate over time. Comfort building and improving AI workflows is a strong differentiator.

This is a high-visibility role with a broad surface area across security engineering, AI governance, and platform programs. The TPM in this seat partners directly with senior security and engineering leaders and shapes how AI is governed across Uber's engineering organization.

What the Candidate Will Need / Bonus Points

---- What the Candidate Will Do ----

AI agent oversight

  1. Drive cross-functional review of new and updated security standards, gathering input from senior engineers, AI/ML stakeholders, IAM, AppSec, OffSec, legal, and Product Security.
  2. Support the operating cadence for AI agent inventory and governance, ensuring agents move through review, approval, and ongoing oversight in line with internal standards and external regulatory expectations.
  3. Coordinate intake and follow-through for AI red teaming and threat modeling activities, ensuring findings are routed to the right remediation owners and reflected back into review criteria.

Security & privacy review program operations

  1. Run the day-to-day of the engineering security and privacy review program: intake, routing, capacity planning, SLA tracking, and escalation.
  2. Maintain accurate, trustworthy program metrics. Define what's worth measuring, validate the data, and report cleanly to leadership.
  3. Drive timely, well-documented closure of reviews so the program produces a defensible audit trail.
  4. Monitor AI-assisted triage and assignment workflows for accuracy. Track false positive and false negative rates, identify drift, and partner with engineering to keep the automation calibrated.
  5. Support review quality through sampling, feedback loops, and reviewer calibration.

Security champions network

  1. Own the champions lifecycle end-to-end: recruitment, training scheduling, certification tracking, and ongoing engagement.
  2. Improve recognition, satisfaction measurement, and visibility for champions' contributions to their performance reviews.
  3. Report on coverage, training throughput, and certification status by line of business.

Cross-program analysis and improvement

  1. Identify patterns and gaps that are only visible from a cross-program vantage point, and turn them into concrete improvements.
  2. Translate outputs from one program into inputs for another (e.g., red team findings into review criteria; review trends into champion training topics).
  3. Propose, scope, and ship process improvements with clear before/after metrics.

AI-assisted execution

  1. Use existing internal AI tooling to scale your own throughput and the program's.
  2. Identify where automation is missing or imperfect, and partner with engineering to extend it.
  3. Help shape how AI tooling is applied across the program — assignment, triage, reporting, and quality checks.

Executive reporting

  1. Own recurring operational reporting to senior leadership: identify contributors, set deadlines, drive contributions, and assemble the final deliverable.

---- Basic Qualifications ----

  1. 4+ years as a TPM, Program Manager, or equivalent in a software or technology environment.
  2. Strong analytical skills: you see patterns in data and operational signals that others miss, and turn those observations into action.
  3. Excellent written and verbal English.
  4. Strong follow-through. You drive things to completion across multiple stakeholders without needing to be reminded of status.
  5. JIRA proficiency: JQL, dashboards, automation rules, sprint management.
  6. Daily use of AI tools (Claude, ChatGPT, etc.) as productivity accelerators or demonstrated ability to ramp up within four weeks.
  7. Self-directed across time zones; comfortable making decisions with incomplete information.
  8. Skilled at driving alignment across teams without formal authority.

---- Preferred Qualifications ----

  1. Experience supporting security, privacy, compliance, risk, or audit programs.
  2. Familiarity with security review, privacy review, threat modeling, or risk assessment workflows.
  3. Experience with AI governance, responsible AI, LLM applications, AI agents, or AI security programs.
  4. Experience improving workflow automations using AI tools, scripts, JIRA automation, APIs, or low-code tooling.
  5. Experience running training, certification, champion, or distributed reviewer programs.
  6. Comfort with CLI tools and lightweight scripting.
  7. Familiarity with regulatory or audit-sensitive environments where documentation quality and evidence readiness matter.

Uber's mission is to reimagine the way the world moves for the better. Here, bold ideas create real-world impact, challenges drive growth, and speed fuels progress. What moves us, moves the world - let’s move it forward, together.

Offices continue to be central to collaboration and Uber's cultural identity. Unless formally approved to work fully remotely, Uber expects employees to spend at least half of their work time in their assigned office. For certain roles, such as those based at green-light hubs, employees are expected to be in-office for 100% of their time. Please speak with your recruiter to better understand in-office expectations for this role.

*Accommodations may be available based on religious and/or medical conditions, or as required by applicable law. To request an accommodation, please reach out to accommodations@uber.com.



Uber is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, Veteran Status, or any other characteristic protected by law.