Technical Project Manager / Release Manager

This is a fully remote position, open to applicants in Philippines.

📋 Description

• Review all commits and pull requests merged into the development branch since the last release — analyze diffs and identify any red flags (such as missing tests, hardcoded secrets, environmental or configuration changes, and incomplete migrations).

• Address issues directly — initiate remediation pull requests for identified problems (including missing test coverage, lint issues, configuration errors, and documentation deficiencies). The lead developer will review and merge these the following day.

• Once the development branch is clear, cut and merge the release into the main branch and tag it accordingly.

• Prepare release notes and publish a nightly summary.

• Adjust the release cadence based on the team's requirements — during demo sprints or crunch periods, collaborate with the lead developer to determine whether to postpone the main merge, cherry-pick critical fixes, or batch releases.

• Triage and manage Linear issues — ensure tickets have well-defined descriptions, acceptance criteria, and appropriate priority/status.

• Maintain current project documentation — including architecture documents, runbooks, and onboarding guides.

• Monitor progress across active workstreams and identify any blockers or dependencies.

• Facilitate coordination among contributors — ensure team members are not duplicating efforts or facing blockers from each other.

• Keep the roadmap updated — track what has been released this week, what is currently in progress, and what is next on the agenda.

• Organize and tidy up stale tickets, close completed tasks, and link related issues.

• Provide weekly status updates to the lead developer — detail what has been accomplished, what is at risk, and what requires a decision.

• Conduct regular syncs with the deployment team — monitor progress on infrastructure (IaC, Key Vault, networking), CI/CD pipeline enhancements, and security initiatives (such as JWT expiry reduction, encrypted storage, managed identity migration, and direct Entra ID integration).

• Ensure that deployment team outputs meet SOC 2 evidence requirements — the deliverables must produce auditable artifacts, not just functioning code.

• Remove obstacles for the team — identify dependency conflicts, access issues, and unclear requirements before they lead to delays.

• Implement the recurring evidence collection calendar — conduct quarterly assessments of Azure IAM roles, Entra ID MFA settings, GitHub organization access, Key Vault RBAC, Dependabot alerts, Defender scores, and merged pull request examples.

• Gather signed Data Processing Agreements from subprocessors and organize vendor SOC 2 reports.

• Develop and maintain a formal risk register.

• Perform minor policy edits and updates as necessary — we currently have 24 security policies drafted; your role will involve reviewing, identifying gaps, and making light edits, rather than creating new policies from scratch.

• Assess and onboard a SOC 2 compliance platform (such as Vanta, Drata, or Secureframe) — this is a critical path blocker for commencing the observation window.

• Establish onboarding and offboarding security checklists and implement a quarterly access review process.

• Coordinate penetration testing engagements (including scope definition, vendor selection, and scheduling).

• Provide regular asynchronous updates to the lead developer — highlight blockers, necessary decisions, and progress against the SOC 2 timeline. Do not wait for syncs to raise issues.

⛳️ Requirements

• Sufficient technical knowledge to read TypeScript diffs, identify genuine issues, and resolve them — not merely submitting tickets.

• Proficient in writing code for remediation — including test coverage, lint corrections, configuration adjustments, and minor refactoring.

• Familiarity with GitHub (pull requests, Actions, CI pipelines) and Linear (or similar project management tools).

• Strong organizational skills — capable of transforming disorganized work into clear statuses, tidy backlogs, and useful documentation.

• Experience coordinating across distributed teams — able to conduct syncs, write clear status updates, and hold team members accountable without acting as their manager.

• Familiarity with compliance frameworks — such as SOC 2, ISO 27001, or HITRUST, with an understanding of what auditors specifically seek.

• Good judgment regarding when to maintain standards versus when to pursue creative solutions — we are in an early-stage setting and require someone who safeguards quality without hindering progress.

• Proactive communication skills — able to raise risks and blockers before they escalate into problems.

🏝️ Benefits

• [Add benefits here as needed]