DESIRED EXPERIENCE

• Bachelor’s or master’s degree in computer science, engineering, or a related field.
• Proven experience (4+ years in product security or a similar role.
• Experience in defining and implementing product security programs in a complex environment.
• Familiarity with secure development practices, secure coding techniques, and security testing methodologies.
• Knowledge of secure cloud architecture and security controls in cloud environments.
• Experience with threat modeling tools and security assessment tools.
• Familiarity with industry regulations and compliance requirements, such as GDPR or HIPAA.

PERSON REQUIREMENTS

• Strong leadership and decision-making abilities, with a focus on driving a culture of security.
• Ability to work well under pressure and meet deadlines in a fast-paced environment.
• Collaboration and teamwork skills, with the ability to work effectively with cross-functional teams.
• Continuous learner with a passion for staying updated with emerging technologies and industry trends.
• Strong commitment to security and a customer-centric approach to product security.
• Excellent communication and interpersonal skills to effectively collaborate with team members and stakeholders.

PURPOSE OF THE ROLE

As a Head of Product Security, your role is to ensure the security and integrity of the organization’s products and systems. You will be responsible for establishing and leading the product security program, implementing security measures, and driving a culture of security throughout the product development lifecycle. Your goal is to protect customer data, mitigate security risks, and ensure compliance with industry standards and regulations. You will feedback and lead the product teams on security features of our products and will lead security issue remediation efforts by owning the coordination and communications with internal and external stakeholders.
At IriusRisk, security is divided into two distinct areas: Corporate Security and Product Security, each with clearly defined responsibilities. This role falls under the Product Security domain.

DUTIES & RESPONSIBILITIES

Product Security Strategy and Program:

• Develop and implement a comprehensive product security strategy and program aligned with the organization’s goals and objectives.
• Define security policies, standards, and guidelines for product development and deployment.
• Establish security controls, processes, and frameworks to protect against potential threats and vulnerabilities.
• Drive our cross-functional teams to integrate security into the product development lifecycle.

Threat Modeling and Risk Assessment:

• Conduct threat modeling and risk assessments to identify and prioritize potential security risks and vulnerabilities.
• Drive the development teams to define and implement effective security controls and countermeasures.
• Monitor and assess emerging security threats and industry trends to proactively address potential risks.
• Work closely with security teams to ensure alignment with the overall security posture of the organization.

Secure Development Practices:

• Promote and enforce secure coding practices, architectural principles, and development guidelines.
• Provide guidance and support to development teams in implementing secure coding techniques and security best practices.
• Conduct code reviews and security assessments to identify and remediate security vulnerabilities.
• Foster a culture of security awareness and accountability among development teams.

Security Testing and Incident Response:

• Define and implement security testing methodologies, including penetration testing and code reviews.
• Collaborate with QA teams to integrate security testing into the overall testing strategy.
• Develop and maintain incident response plans and procedures to effectively respond to security incidents and breaches.
• Investigate security incidents and vulnerabilities, conduct root cause analysis, and drive appropriate remediation measures in a timely manner.

Compliance and Governance:

• Ensure compliance with relevant industry standards, regulations, and privacy requirements.
• Collaborate with legal and compliance teams to define and implement security policies and procedures.
• Conduct security audits and assessments to evaluate compliance with security standards and guidelines.
• Stay updated with evolving security regulations and industry best practices to maintain a robust security posture.