Devin Hegelein

Deploying AI @ Moveworks

San Francisco Bay Area

About

Results-driven Program Manager with experience spanning application security, operational security and practice management. Repeated success in creating information security programs by engaging with cross-functional teams from technical end users to executive leadership to ensure lasting, enterprise-wide success. Focus on applying a hands-on approach in building environments that fuel a competitive advantage in alignment with business needs.

Experience

  • Deployment Strategist at Moveworks
    2023 - Present · 3 yrs 7 mos

    Moveworks was acquired by ServiceNow in Dec. 2025 for $2.85B • Own enterprise AI implementations for strategic accounts across financial services, healthcare, and technology, managing complex governance, security, integration, and adoption requirements from discovery through post-launch scale. • Independently designed and scaled an agentic automation evaluation framework from zero, defining assessment methodology, scoring rubrics, and deployment readiness criteria, achieving 97% org-wide adoption and establishing the standard for AI agent quality validation. • Lead high-stakes global rollouts coordinating customer IT, HR, security, and executive stakeholders alongside internal Product, Engineering, Support, and CS teams, owning dependencies, tradeoffs, launch readiness, and customer-facing risk end to end. • Build executive governance models including steering cadences, decision memos, escalation paths, and risk reviews that reduce ambiguity and accelerate enterprise decision-making. • Translate agentic workflow requirements and integration constraints into scoped deliverables, UAT plans, and rollout sequencing that Product and Engineering can execute against. • Create reusable implementation playbooks, governance templates, and deployment standards that reduce ramp time and improve repeatability across complex enterprise programs. • Leading the first enterprise deployment of ServiceNow EmployeeWorks for a Fortune 500 account, standing up an agentic AI front door that unifies search, task execution, and workflow automation across IT, HR, Finance, and Procurement for a workforce of 100,000+ employees spanning corporate and frontline environments.

  • Sr. Enterprise Security Program Manager at HackerOne
    2022 - 2022 · Less than a year

    • Developed, managed and consulted on 20+ enterprise scale bug bounty programs to provide continuous security monitoring of clients’ assets in production as an alternative to traditional PenTesting • Collaborated with hackers to source community talent of over 1MM active hackers with client programs, aligning hacker expertise with asset types, frameworks and languages • Monitored the lifecycle of hundreds of reports simultaneously from validation, triage, resolution and retesting via Jira while communicating updates between client stakeholders and hackers • Identified recurring CWEs within early stages of SDLC through analysis of over $300,000 in bounty spend and flaw category trends to harden organizational security practices • Built out KPI Dashboards in Looker to measure program performance and reviewed progress at weekly meetings with client programs

  • Veracode (3 yrs 1 mo)
    • Sr. Enterprise Security Program Manager
      2021 - 2022 · 1 yr

      • Oversaw client application security vulnerability management processes by identifying the true risk of each vulnerability, tracking of false positives, and implementation of Veracode tooling. Vulnerabilities identified from static analysis tools (SAST), dynamic analysis tools (DAST), software composition analysis (SCA) • Oversaw integration of security tooling in DevSecOps orgs by architecting security workflows within CI/CD pipeline, identifying vulnerabilities earlier in SDLC and reducing timelines to remediation by 20% • Develop quantifiable security materiality metrics to determine prioritization of remediation work and strategic direction of future security efforts • Tracked adherence to security compliance standards (PCI, HIPAA, GDPR, HITRUST, OWASP Top 10, SANS 25) in accordance with individual application needs based on data structures, risk exposure level, and business criticality • Tracked CWE and CVE fixes via JIRA and other ticketing tools • Promoted from Security Program Manager

    • Security Program Manager
      2019 - 2021 · 2 yrs

  • Oracle ()
    • Account Manager
      2018 - 2019 · 1 yr

    • Business Development Consultant
      2016 - 2018 · 2 yrs