Why This Job is Featured on The SaaS Jobs
Trust and security have become core buying criteria in enterprise SaaS, and this Technical Program Manager role sits directly on that boundary. The remit spans customer-facing assurance work and internal compliance operations, reflecting how modern SaaS companies increasingly treat security posture as part of the product experience—especially for AI-enabled platforms where buyers scrutinise data handling and controls.
For a SaaS career, the role builds durable leverage: translating frameworks like SOC 2 and ISO 27001 into operational routines, partnering across Security, Engineering, Product, Legal, IT, and go-to-market, and tightening the feedback loop between customer questions and internal documentation. The emphasis on scaling responses with tooling and automation mirrors a broader trend in SaaS trust functions: moving from manual questionnaires to repeatable, auditable systems that keep pace with product change.
This position is best suited to professionals who enjoy structured, cross-functional program ownership and clear written communication, and who are comfortable representing a security program externally without losing rigor internally. It will particularly fit those looking to deepen credibility in GRC-adjacent security while staying close to how SaaS products are evaluated, sold, and renewed.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
Why Harvey
At Harvey, we’re transforming how legal and professional services operate — not incrementally, but end-to-end. By combining frontier agentic AI, an enterprise-grade platform, and deep domain expertise, we’re reshaping how critical knowledge work gets done for decades to come.
This is a rare chance to help build a generational company at a true inflection point. With 700+ customers in 58+ countries, strong product-market fit, and world-class investor support, we’re scaling fast and defining a new category in real time. The work is ambitious, the bar is high, and the opportunity for growth — personal, professional, and financial — is unmatched.
Our team is sharp, motivated, and deeply committed to the mission. We move fast, operate with intensity, and take real ownership of the problems we tackle — from early thinking to long-term outcomes. We stay close to our customers — from leadership to engineers — and work together to solve real problems with urgency and care. If you thrive in ambiguity, push for excellence, and want to help shape the future of work alongside others who raise the bar, we invite you to build with us.
At Harvey, the future of professional services is being written today — and we’re just getting started.
Role Overview
Some of the world's largest companies and their law firms use Harvey’s AI capabilities to deliver world-class client services at unprecedented scale and efficiency. Harvey allows high-performing professionals to gain deep domain knowledge faster, understand the big picture, and tackle more complex challenges in less time.
Our customers depend on us to deliver a secure, trustworthy, and compliant platform. Earning the trust of our customers is a business enabler and we value it more than anything else.
In this role, your objective is to earn the trust of our customers by communicating our security program, aligning it with relevant security and privacy standards, and getting it assessed by independent auditors.
This is a highly cross-functional role that involves close collaboration with teams across the company, including Security, Product Management, Engineering, GTM, IT, Legal, and external consultants and auditors. Understanding and communicating customer and compliance requirements and producing accurate documentation will be key parts of this role.
A big part of this role is responding to customer security questions. As an advocate for the Harvey Security program, our goal is to provide quick and accurate responses leveraging Harvey to assist. We achieve high accuracy and your role will include reviewing Harvey’s output - spotting the cases where the model misses the mark or can’t answer due to documentation gaps.
We already have certifications including SOC 2 Type 2 and ISO 27001, adhere to CCPA and GDPR, and continue to expand our compliance portfolio based on business needs. We have mature systems and processes in place, but they need to be constantly adapted to our quickly growing company and the rapidly evolving product.
What You’ll Do
Respond to customer security questions at scale by using AI
Meet with customers to address security-related questions and concerns
Manage ISO and SOC 2 Type 2 and other emerging compliance programs, which includes continuously monitoring compliance status through automated tools, completing periodic required activities (pentests, risk assessments, various reviews and exercises, etc.), and coordinating with internal teams to gather evidence for auditors
Maintain and update corporate information security policies, ensuring compliance requirements are communicated across the organization
Maintain and improve our internal documentation
Maintain and improve security documentation and resources we share with customers and partners
Identify opportunities to streamline Trust workflows through tooling and automation
What You Have
4+ years experience in Information Security
3+ years experience in roles requiring a high degree of project management
A strong foundation across a broad range of security, risk, and governance topics
Excellent organizational skills, including project management and process design with a drive for simplification
Excellent written communication skills
Ability to communicate complex technical and regulatory topics to diverse audiences; equally comfortable partnering with engineers, lawyers, customers, and GTM
Ability to manage external contractors, vendors, and consultants
Customer-centric mindset
Strong attention to detail while keeping focused on the big picture
Bonus
Experience leading compliance certification projects such as SOC 2, ISO, IRAP, FedRAMP is a plus, but not required
Experience operationalizing controls at the intersection of product and enterprise security (secure SDLC, data protection/privacy-by-design, third‑party risk, incident response) in AI-centric contexts
Compensation
$144,500 - $195,500 USD
Please find our CA applicant privacy notice here.
Harvey is an equal opportunity employer and does not discriminate on the basis of race, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition, or any other basis protected by law.
We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made by emailing accommodations@harvey.ai