Position Summary
The Director Product Security provides leadership and influences cybersecurity strategy across the product portfolio. The Director is responsible for helping secure Datasite products end to end, on time, and within budget. Reporting to the Chief Information Security Officer but embedded in the Datasite Product Organization, the Director works closely with software development, product owners, and engineering. The Director provides a holistic focus across infrastructure, application security, vulnerability management and third-party partnerships and dependencies. Additionally, the director instills a secure-by-design and security-first mission to ensure Datasite products are less vulnerable. The director works in lockstep with Security and Technology leadership and is united in a common goal of building functional, reliable, and secure products.
The Director Product Security has a highly visible role interfacing across multiple organizational units and business concerns. The individual constantly assesses products for weaknesses and recommends ways to resolve them before they are exploited. When security findings are discovered, the director proactively communicates with technical and business leadership teams to ensure a focus on risk mitigation. Successful candidates in this role possess product development knowledge, technical skills, and business acumen. The individual must be able to effectively communicate complex topics. The Director understands how attackers think and their motives, while understanding corporate business objectives.
Duties and Responsibilities
• Lead a team of product engineers in product and application security reviews.
• Provide leadership and direction with security practices and methodologies in product security.
• Elevate team performance to keep pace with product iterations and ensure they are secure.
• Offer hands-on security and design support as needed across the product ecosystem.
• Develop a short- and long-term security design roadmap to improve processes and agility.
• Remove friction from complex manual processes through automation and outsourcing.
• Promote a positive security culture focused on collaboration and creating strong relationships.
• Adopt cybersecurity development frameworks, define/maintain policies and standards, and enforce them across all teams.
• Attend and participate in product meetings for security requirements with new and existing products.
• Develop partnerships aimed at improving product security practices and reducing cost.
• Serve as a central point of contact for product cybersecurity requirements, initiatives, and escalations.
• Participate in Datasite’s Privacy Information Management System (PIMS) committee.
• Enforce security standards and implementation configurations, as well as common security frameworks.
• Collaborate with security, IT, and product leadership across a suite of product features and capabilities.
• Communicate and recommend changes to the product ecosystem designed to mitigate security issues.
• Uphold product cybersecurity principles to meet compliance, privacy laws, and regulatory requirements.
• Perform other duties as assigned.
Qualifications
• Preferably 2-plus years in a team lead, manager or similar leadership role in cybersecurity or application security.
• Understanding of OWASP, CVSS, and the MITRE ATT&CK framework.
• Experience with the software development lifecycle (SDLC) and product development lifecycle and process.
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation.
• Demonstrated technical prowess, along with proven experience leading high-performing cybersecurity or development teams.
• Proficient in application security, secure coding, APIs (Application Programming Interface), vulnerability management, threat modeling and risk management.
• Well-versed with application security tools, public cloud providers, CI/CD platforms, and container services.
• Experience managing internally developed, commercial, and third-party tools.
• Exemplary communication and leadership skills.
Education
Bachelor’s degree preferred in computer science, information assurance, engineering, or related field. Graduate business school degree highly desired.
Experience
• 5-plus years with a combination of one or more in cybersecurity, application security or engineering.
• One or more certifications desirable (GWAPT, GWEB, GCSA, CISSP, CSSLP, CISM, CRISC).
Positions that Typically Report to this Position
The projected salary range for this position is $185,000 to $205,000 per year.
On-Demand Group (ODG) provides employee benefits which include healthcare, dental, and vision insurance. ODG is an equal opportunity employer that does not discriminate on the basis of race, color, religion, gender, sexual orientation, age, national origin, disability, or any other characteristic protected by law.