As the Product Security Manager, you will directly supervise a variety of software security professionals and be responsible for the ongoing maturation and effectiveness of our software security program for One Key. This position will provide information security direction, consultation, and advice and will lead program-wide security initiatives to ensure sustained and reliable security controls. You will be expected to make major contributions to the program's development and enforcement of data privacy, software security policy and strategy. You will oversee selection, development, deployment, monitoring, maintenance, and enhancement of security technology, as well as perform risk assessment, audit, and incident investigation. You should be passionate about solving security problems at scale.
- Provide strategic leadership in a committee-like fashion, including a governance board for overall organizational security and compliance participation
- Build, own and execute the product security strategy and roadmaps that include end-to-end protections, identity, cloud infrastructure and application
- Build security maturity models for team understanding and corresponding strategic plans and roadmaps
- Lead and collaborate on the security architecture design review and change review processes, and ensure security architecture is adequately addressed in strategy plans, environmental changes and architecture designs
- Achieve realistic software security goals through proactive testing, continuous security & improvement processes with a DevSecOps mindset
- Accountable for security standards for cloud, data, application, identity, OS, network, web, mobile and API stacks
- Accountable for leading the team through relevant regulatory compliance audits
- Collaborate with partner teams on application threat modeling, security issues and vulnerability fixes
- Must be a leader that can bring technical teams together and address problems well
- Own all facets of team hiring, performance management and career development
- Manage a team of talented security professionals
- Assemble vitally important security training plans for your team, peers, and the department
- Eager to develop a culture where software is built with security in mind
- Bachelor's degree in Computer Science, or 15+ years of equivalent experience
- 5+ years hands-on experience leading, managing and developing high performance security teams in a complex, multi-faceted environment
- 5+ years of hands-on experience with information security technologies such as security design review, threat modeling, risk analysis, security controls and processes such as passive network monitoring, endpoint detection and response, incident response (MDR), and vulnerability management
- Solid understanding of cloud native security offerings and capabilities, and their well-architected security frameworks (AWS a plus)
- Demonstrated experience with red team/blue team cybersecurity testing and process
- Demonstrated knowledge of regulatory compliance such as CCPA and GDPR, and establishing processes and controls for SOC2 Type2 and ISO 27001
- Demonstrated knowledge of information security pillars (application, network security, key management/PKI, IAM, SSO, federation, data encryption and endpoint protection)
- Understanding of SDLC, DevOps, DevSecOps, and CI/CD pipeline
- Experience building relationships with security vendors on security technologies and assessments
- Participate in on-call rotation with your team
- Experience working with hardware and firmware engineering teams a plus, but not mandatory
- CISSP, CISM or similar security certifications a plus, but not mandatory
We provide these great perks and benefits:
- Robust health, dental and vision insurance plans.
- Generous 401(k) savings plan.
- Education assistance.
- On-site wellness, fitness center, food, and coffee service.
- And many more; check out our benefits site.