Technical Project Manager / Release Manager

Job Description

Description

At Umpisa Inc., our mission is to make the Philippines be known globally as a tech hub. 

Umpisa Inc. is a progressive technology services company that partners with select industries, clients and people to work on pioneering and industry-changing solutions via digital transformation, modern software development and venture building.

We create a set of world-class and impactful products and solutions to help organizations and individuals live better lives. We offer demanding, challenging and rewarding careers in software development, product development, emerging technologies, and more for the right candidates.

Essential Skills:

• Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity
• Strong communication skills
• Strong problem solving and analytical skills
• Excellent problem-solving ability
• Would like to work as part of a self-organizing Scrum team in a scaled agile framework
• Must be a self-starter and loves to collaborate with the team and client

Job Summary 

We're a fast-moving early-stage product team shipping 2-5 PRs/day across a TypeScript monorepo (NestJS + Next.js + Electron + React Native). We need two full-time generalists who together own three workstreams:

1. Nightly release gate — review the day's code, fix issues directly, cut releases into main

2. Project coordination — keep docs, tasks, and priorities organized so the dev team stays focused on building

3. SOC 2 readiness (first 2 months) — coordinate with our deployment team to ensure security hardening and compliance deliverables land on time

This role is the SOC 2 segregation-of-duties control between development and production, and the connective tissue that keeps the project from accumulating chaos. Two people ensures coverage across time zones, no single point of failure on releases, and enough bandwidth to run compliance and coordination in parallel.

Requirements

About the Role:

• Review all commits/PRs merged to dev since last release — read diffs, check for red flags (missing tests, hardcoded secrets, env/config changes, incomplete migrations)
• Fix issues directly — open remediation PRs for problems found (missing test coverage, lint issues, config mistakes, documentation gaps). The lead dev reviews and merges these the next day.
• Once dev is clean, cut and merge the release into main and tag it.
• Write release notes and post a nightly summary.
• Adapt the release cadence to the team's needs — during demo sprints or crunch periods, coordinate with the lead dev on whether to hold the main merge, cherry-pick critical fixes only, or batch releases.
• Triage and organize Linear issues — ensure tickets have clear descriptions, acceptance criteria, and correct priority/status.
• Keep project documentation current — architecture docs, runbooks, onboarding guides.
• Track progress across active workstreams and flag blockers or dependencies.
• Coordinate across contributors — make sure people aren't duplicating work or blocked on each other.
• Maintain the roadmap view — what shipped this week, what's in flight, what's next.
• Organize and clean up stale tickets, close completed work, link related issues.
• Deliver weekly status updates to the lead dev — what's done, what's at risk, what needs a decision.
• Run regular syncs with the deployment team — track progress on infrastructure (IaC, Key Vault, networking), CI/CD pipeline hardening, and security tasks (JWT expiry reduction, encrypted storage, managed identity migration, direct Entra ID integration).
• Ensure deployment team deliverables meet SOC 2 evidence requirements — the work they ship needs to produce auditable artifacts, not just working code.
• Unblock the team — flag dependency conflicts, missing access, unclear requirements before they become delays.
• Deliver weekly status updates to the lead dev — what's done, what's at risk, what needs a decision.
• Execute the recurring evidence collection calendar — quarterly screenshots of Azure IAM roles, Entra ID MFA settings, GitHub org access, Key Vault RBAC, Dependabot alerts, Defender scores, merged PR examples.
• Collect signed DPAs from subprocessors and file vendor SOC 2 reports
• Build and maintain the formal risk register
• Minor policy edits and updates as needed — we have 24 security policies drafted; you'll review, flag gaps, and make light edits, not write from scratch
• Evaluate and onboard a SOC 2 compliance platform (Vanta, Drata, or Secureframe) — this is the critical path blocker for starting the observation window
• Set up onboarding/offboarding security checklists and establish the quarterly access review process
• Coordinate penetration testing engagement (scope, vendor selection, scheduling)
• Regular async updates to the lead dev — surface blockers, decisions needed, an progress against the SOC 2 timeline. Don't wait for syncs to flag issues.

What We're Looking For:

• Enough technical depth to read TypeScript diffs, catch real issues, and fix them — not just filing tickets
• Comfortable writing code for remediation — test coverage, lint fixes, config corrections, small refactors
• Comfortable with GitHub (PRs, Actions, CI pipelines) and Linear (or similar project tools)
• Strong at organizing information — turning scattered work into clear status, clean backlogs, and useful docs
• Experience coordinating across distributed teams — can run a sync, write a clear status update, and hold people accountable without being their manager
• Experience with compliance frameworks — SOC 2, ISO 27001, or HITRUST. Knows what auditors actually look for.
• Good judgment on when to hold the line vs. when to find a creative path forward — we're early-stage and need someone who protects quality without blocking momentum
• Proactive communicator — surfaces risks and blockers before they become problems

Nice to Have:

• Experience with NestJS/Next.js or TypeScript monorepos
• Prior experience as a TPM, dev lead, or engineering manager at a startup
• Hands-on experience with Vanta, Drata, or Secureframe
• Familiarity with Azure (Entra ID, Key Vault, Container Apps, Monitor)
• Prior experience running a SOC 2 Type II readiness process end-to-end

Tools:

• Claude Code / Cowork
• GitHub (PRs, Actions, branch protection)
• Linear (task tracking, roadmap)
• GitHub files + Google Docs + some Notion (documentation)
• Azure (infrastructure, identity, monitoring)
• Google Workspace (evidence collection playbook)
• Docker, PostgreSQL
• NX monorepo