Director, Product Security

Your opportunity

Do you want to drive the future of innovative product security capabilities that customers can trust to run their business? Interested in leading a stellar product security team for a rapidly scaling SaaS business? Then we're very interested in speaking with you!

Our new security leader will drive a comprehensive product security roadmap for customer trust and assurance. As a key member of the Chief Information Security Officer's staff, you will build a solid foundation for the product security ecosystem while executing on critical priorities. This is a critical leadership role for an individual who deeply understands the technical challenges of rapid product delivery and can embed security as a foundational element of our engineering culture.

You will be the vital link between Engineering, Product Management, and Security. This role will visibly represent the New Relic Security Team throughout the company, working with product managers, engineering leadership, industry thought-leaders, and customers.

What you'll do

Strategy & Execution

• Work closely with the CISO to provide leadership forproduct security strategy execution, product security architecture, and the secure engineering ecosystem.
• Help build and deliver on the CISO's vision for the growth of information security programs such as SDLC, audit logging, product security standards, security testing, and bug bounties.
• Own and Execute the Product Security Strategy, defining a clear, actionable roadmap that aligns with business goals and reduces organizational risk.
• Act as the principal security advisor to Engineering and Product leadership, translating high-level product strategy into technical security requirements and engineering practices.

Engineering & DevSecOps Leadership

• Drive DevSecOps Adoption by architecting and leading the implementation of our DevSecOps program, integrating security testing, validation, and controls seamlessly into the CI/CD pipeline17.
• Leverage deep experience with a broad range of development, build, and deploy systems (e.g., Jenkins, GitLab CI, Kubernetes) to identify and eliminate security friction points.
• Design, implement, and run an effective Product Vulnerability Management lifecycle, from automated scanning and triage to developer remediation and verification.
• Work directly with development teams to improve and scale secure coding practices, focusing on developer experience and automation.

Governance & Team Growth

• Feed and grow a global security organization that motivates team members to face challenges and deliver significant work.
• Coach and mentor managers and team members by understanding their career goals and providing opportunities for professional growth.
• Drive security collaboration with partners in Legal, Data Compliance, and Privacy to develop and execute policy and controls related to product development, software supply chain, open-source, and mergers & acquisitions.
• Build partnerships with product, engineering, go-to-market, and sales leaders to deliver on security initiatives.
• Provide leadership and confidence during Product security incidents.
• Develop and deliver internal security scorecards for use with executive and board reporting.
  
  

This role requires

• 10+ years of technical hands-on security experience or security program management.
• Deep Engineering Background: Substantial, hands-on experience in software engineering and development roles prior to, or integrated with, security leadership (i.e., you can speak the language of engineers).
• Demonstrated ability leading multiple managers and teams.
• SaaS Product Delivery Experience: Proven track record of securing rapidly scaling SaaS products delivered on cloud platforms.
• Strong product security program planning, project management, and execution skills.
• DevSecOps Mastery: Extensive, practical experience designing and implementing advanced DevSecOps toolchains and methodologies.
• A background involving open-source security, vulnerability disclosure, SaaS cloud security technologies, product incident response, and a deep understanding of risk and threat assessments.
• Experience identifying and resolving potential security issues involving compliance, mergers and acquisitions, and regulatory issues as related to Software as a Service (SaaS).
• Demonstrated communication skills with detailed, technical information in a manner comprehensible by individuals at varying degrees of experience and skill level.

Bonus points if you have

• Experience defining, documenting, and implementing controls required for compliance frameworks such as FedRAMP, HIPAA, and/or ISO 27001.
• Demonstrated success with achieving cross-organizational security goals.
• A history of publishing, public speaking, and involvement with security industry working groups.
• Experience with assessing/building multi-year roadmaps/advancing cybersecurity program maturity.

Please note that visa sponsorship is not available for this position.

#LI-JH1