Product Security Manager

As the Manager of Product Security with a focus on Data Privacy, you will play a crucial role in ensuring that our products are designed, developed, and deployed with strong security and privacy controls. You will lead a team of security professionals, collaborate with cross-functional teams, and drive the implementation of privacy-by-design principles across all stages of the product lifecycle. Your key responsibilities will include safeguarding customer data, ensuring compliance with privacy regulations, and mitigating security risks in product development.

Key Responsibilities:

Leadership & Strategy:

Lead the product security team focused on embedding data privacy and security controls into product design and development processes.

Develop and execute a comprehensive product security strategy with a focus on data privacy.

Partner with engineering, legal, compliance, and product teams to ensure privacy and security are integrated into all stages of the product lifecycle.

Drive privacy-by-design principles and advocate for secure development practices across the organization.

Data Privacy Governance:

Ensure products comply with relevant data privacy regulations such as GDPR, CCPA, HIPAA, and other global standards.

Develop, implement, and maintain product security policies and procedures that align with legal, regulatory, and industry requirements.

Perform privacy impact assessments (PIAs) and security risk assessments (SRAs) on products and services.

Risk Management:

Identify, assess, and manage privacy and security risks related to product development and deployment.

Implement controls and measures to mitigate data breaches, unauthorized access, and other security incidents.

Lead incident response efforts related to privacy violations or data security breaches in collaboration with legal and IT teams.

Collaboration & Communication:

Collaborate with engineering teams to integrate security tools, practices, and automated testing into CI/CD pipelines.

Work closely with the legal and compliance teams to interpret and respond to data privacy regulations and standards.

Communicate privacy and security risks, issues, and solutions to senior leadership and other stakeholders.

Training & Awareness:

Develop and conduct training programs to educate product development teams on privacy and security best practices.

Stay up-to-date with emerging data privacy trends, threats, and technologies and ensure the team is aligned with industry best practices.

Monitoring & Reporting:

Oversee continuous monitoring of product security and privacy controls to ensure ongoing compliance and risk mitigation.

Provide regular updates to leadership on the status of product security initiatives, privacy compliance, and risk management activities.

Qualifications:

Education & Experience:

Bachelor's or Master's degree in Information Security, Computer Science, or related field.

10+ years of experience in product security, cybersecurity, or data privacy, with a focus on software product development.

Proven experience managing teams in a security or privacy role.

Skills & Knowledge:

Deep understanding of data privacy laws and regulations (e.g., GDPR, CCPA, HIPAA).

Strong knowledge of product security principles, including secure software development practices, encryption, and threat modeling.

Familiarity with privacy-enhancing technologies, data anonymization, and data retention practices.

Experience with security tools, automation, and CI/CD practices.

Certifications (preferred):

Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications.

Personal Attributes:

Excellent leadership, communication, and collaboration skills.

Strong problem-solving and critical thinking abilities.

Ability to manage multiple priorities in a fast-paced environment.

A proactive and solution-oriented approach to managing security and privacy risks.