Senior Security Program Manager Jobs in Oregon (NOW HIRING)

The Team

Upstart's Information Security team is dedicated to advancing security practices that enhance the safety of our products, customers, and partners. We believe security should empower innovation, move at the speed of the business, and be built in from the ground up. Our mission is to protect Upstart's products and enterprise while enabling teams to move quickly and safely through strong collaboration, automation, and thoughtful security design.

As a Senior Security Engineer focused on Data Security, you will play a critical role in defining, building, and leading Upstart's data security program. This is a highly impactful role that combines deep hands-on technical execution. You will design and implement scalable data security capabilities, influence cross-functional partners across the company, and help establish long-term strategy and accountability for how data is protected at Upstart.

This role is ideal for a senior security practitioner who enjoys operating at the intersection of software engineering, architecture, and cross-functional leadership, and who has experience taking complex security controls from concept to reality.

Position Location - This role is available in the following locations: Remote - US

Time Zone Requirements - This team operates on the East/West Coast time zones.

Travel Requirements - This team has regular on-site collaboration sessions. As a digital first company, the majority of your work can be accomplished remotely. The majority of our employees can live and work anywhere in the U.S but are encouraged to to still spend high quality time in-person collaborating via regular onsites. The in-person sessions' cadence varies depending on the team and role; most teams meet once or twice per quarter for 2-4 consecutive days at a time.

How you'll make an impact:

• Lead the technical design and execution of Upstart's data security program, from early foundations through mature, scalable systems
• Architect and build software solutions (APIs, services, and internal tools) that enable effective data protection and governance
• Partner closely with Engineering, Analytics, Product, Legal, Risk, HR, and other stakeholders to secure sensitive data across diverse domains
• Drive adoption of least-privilege access models and modern data protection patterns across the organization
• Mentor engineers and security practitioners, fostering strong technical standards and a culture of ownership
• Continuously improve systems by learning from real-world signals such as false positives, operational feedback, and evolving threats

What we're looking for: 

• Minimum requirements:
• Bachelor's degree in Computer Science, Engineering, or Mathematics, or a related field (or its equivalent) + 5 years of experience
• Extensive experience across enterprise and operational security domains, with deep focus on Data Security and Identity & Access Management (IAM)
• Experience owning or leading a Data Security, DLP (Data Loss Prevention), or DSPM (Data Security Posture Management) initiatives
• Strong software engineering background, with the ability to design and build production-quality systems (e.g., APIs, services, or internal web applications)
• Experience launching new security capabilities from 0 to 1 in complex environments
• Deep understanding of least-privilege principles and practical experience applying them at scale
• Excellent communication skills, with the ability to influence senior technical and non-technical stakeholders
• Ability to navigate ambiguity, make sound tradeoffs, and independently drive meaningful change
• Preferred qualifications:
• Familiarity with cutting edge AI data protection tooling such as endpoint DLP, data classification, or posture management platforms (BigID, Concentric AI, Varonis, Cyera, or similar) 
• Experience working with diverse data domains (e.g., analytics, reporting, business operations, or people data)
• Contributions to the security community through talks, publications, open-source projects, or other industry involvement
• Familiarity with compliance frameworks such as SOC 1, SOC 2, and SOX
• Interest in long-term growth as a senior individual contributor, with openness to future people leadership paths
  

#LI-REMOTE

#LI-MidSenior