Vacancy expired!
About the Position:
The Sr. Director of Product Security is an accomplished security professional with hands on experience leading teams focused on securing B2B and B2C SaaS platforms. The scope of responsibility encompasses all aspects of securing Products, including but not limited to threat modeling, security architecture, design reviews, application security, and process design to secure CI/CD pipelines. You'll be a part of a fast moving and dynamic team that is tightly integrated and focused on execution and delivery of customer focused software products. You will lead Product Security and report to the CISO & VP of Product. You will work in close partnership with the Product Hosting Team, Architecture, Product Management, Cybersecurity teams, and several Development / Product Engineering teams.As the thought leader for Product & Application Security, you will lead a team of architects, engineers, and security experts and have deep experience in deploying software-defined Cybersecurity services including data protection, access control, container security, and secure agile code development at scale. Your team will partner with other leaders to architect and deliver: Cloud Security, Cloud Data Encryption and Tokenization, Key Management, Web Application/Service Security, API Security, Database Security, Threat Modeling, Network Security, IAM, and a Secure SDLC. The leader will partner on the evolution of secure development methodologies and mechanisms for all of products and services. This leader will also drive effective integration, adoption of standard methodologies, and the latest methods & techniques in identifying design flaws and software issues.This role requires timely and effective communications to key stakeholders including executive level leadership. Work is done in close partnership with other leaders from several technical and product teams. In addition to the effective management of product security, this leader may also lead strategic or special projects related to cybersecurity improvement opportunities. Responsibilities:Product Security: Lead Product Security team Leverage Design Thinking and take a Security first mindset to bake security into the product Perform Design Reviews to ensure security is a core requirement of all products Partner with Engineering teams on the implementation of security minimizing cost, time, and customer friction. Understand attack techniques and perform threat modeling to design controls to guard against common attacks Lead the implementation of security controls to protect SaaS platform Design and implement secure coding practices into SDLC Audit and enforce secure SDLC processes are consistently followed by development teams Partner with product management team to document product security and compliance across the products Partners with product marketing to position security as a competitive advantage Create and maintain process documentation, including standard operating procedures as better practices and new processes are identified Act independently to identify and resolve risks to global enterprise and attack surface. Management: Directly & indirectly manage a team of security experts Manage 3rd parties hired to provide testing services Assist customer facing teams in answering product security questions submitted by customers Follow applicable documentation, confidentiality and legal standards in all written and verbal communication Demonstrate excellent judgement when addressing new challenges where process may not already exist Assist with various audit of internal compliance to cybersecurity policies and standardsLeadership: Partner with senior leaders across the business to help protect and grow the business Implement security best practices in accordance with ISO 27000 Information Security Management System and other national/international security standards Lead strategic or special projects required to meet its cybersecurity objectives including the evaluation and implementation of new cybersecurity technology Communicate effectively with business and technical audiences and produce suitable communications for multiple audience types, both client-facing and internalQualifications:Education/Experience Bachelor s degree in Computer Science plus 10+ years related experience, or Master s degree plus 8+ years related experience preferred, or Equivalent combination of education and related experienceRequired Skills and Knowledge Experience managing people in a cybersecurity or information technology organization Experience working with product development/ engineering and product management teams Experience in cloud security and service infrastructure Experience working for a SaaS technology company Experience in driving effective implementation & adoption of Security Development Lifecycle (SDL) and software maturity model Proven knowledge and experience with threat models, web security and secure development practices Proven track record of delivering cybersecurity or information technology projects effectively Prior experience in distributed system design and microservice architectures Experience in developing and deploying cloud services using cloud architectures Proven knowledge of secrets management, cryptography, and authentication and authorization protocols used in software development Experience with CI/CD and software deployment automation tools Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing Good working knowledge of cybersecurity best practices Strong knowledge of relevant cybersecurity related hardware, software and vendor solutions Ability to understand and work with complex, large enterprise business environments Demonstrated capacity to lead under pressure, make decisions in ambiguous situations and drive cross functional collaboration in a short period of time Ability to work well interpersonally across different teams and disciplines at various levels up through executives, as well as influence and manage without direct authority.Ability to prioritize and effectively manage competing priorities and projectsVacancy expired!