Job Description

We are Hiring...


About Us:


Mobileum is a leading provider of Telecom analytics solutions for roaming, core network, security, risk management, domestic and international connectivity testing, and customer intelligence. More than 1,000 customers rely on its Active Intelligence platform, which provides advanced analytics solutions, allowing customers to connect deep network and operational intelligence with real-time actions that increase revenue, improve customer experience, and reduce costs. Know our story:

Headquartered in Silicon Valley, Mobileum has global offices in Australia, Dubai, Germany, Greece, India, Portugal, Singapore and the UK, with a global headcount of over 1,800.

Join Mobileum Team

At Mobileum we recognize that our team is the main reason for our success. What does working with us mean? Opportunities!

Position: Sr. Program Manager – DevSecOps.


About the Role


We are seeking a Sr. Program Manager - DevSecOps to lead both security engineering automation and compliance program management. This hybrid role (50/50 split) owns security tooling implementation across CI/CD pipelines while also maintaining our ISO27001 ISMS and managing customer security audits.

If you want to be hands-on with DevSecOps tooling while also driving enterprise compliance, this role is for you.


Roles & Responsibility:

DevSecOps & Security Engineering (50%)


  • Implement security scanning tools in CI/CD pipelines (SAST, DAST, SCA, secret scanning)
  • Integrate and manage tools like SonarQube, Snyk, Checkmarx, Veracode, Trivy
  • Establish and enforce security gates in release pipelines
  • Implement container security scanning and IaC security tools (Checkov, tfsec)
  • Define security policies-as-code and automate vulnerability workflows
  • Drive shift-left security practices across engineering teams
  • Build security dashboards for real-time posture visibility


GRC & Compliance (50%)


  • Own and maintain ISO27001 ISMS, lead certification and surveillance audits
  • Manage customer security questionnaires and audit responses
  • Conduct enterprise risk assessments and maintain risk register
  • Track vulnerabilities, remediation timelines, and closure plans
  • Maintain compliance dashboards and security KPIs
  • Monitor regulatory requirements (GDPR, DPDP, CCPA)
  • Implement and manage GRC platform


Desired Profile:

DevSecOps Technical Skills

  • Hands-on with CI/CD platforms (Jenkins, GitLab CI, GitHub Actions, Azure DevOps)
  • Security scanning tools (SonarQube, Snyk, Checkmarx, Veracode, Semgrep)
  • Container security (Trivy, Aqua, Prisma Cloud)
  • IaC security (Terraform, Checkov, tfsec)
  • Kubernetes security and cloud security controls (AWS, Azure, GCP)
  • Understanding of OWASP Top 10 and common vulnerabilities

GRC Expertise

  • Deep ISO27001 implementation and certification experience
  • Strong understanding of SOC2, NIST CSF, CIS Controls
  • Experience with customer security audits and questionnaires
  • GRC platforms (Vanta, Drata, OneTrust, ServiceNow)

Preferred Qualifications

  • ISO27001 Lead Auditor/Implementer, CISSP, CSSLP, or cloud security certs
  • Experience building DevSecOps programs from scratch
  • Scripting skills (Python, Bash) for automation
  • SBOM and software supply chain security experience
  • SOC2 Type I/II audit experience


Work Experience: 9+ years in DevSecOps, application security, or security compliance


Educational Qualification: B.E./B.Tech., M.E./M.Tech. or M.Sc. in Computer Science or any related qualification.


Location: Bangalore


Follow us on:

Twitter: @MobileumInc
