IT Security Manager providing operational leadership for ICBC’s IT security program. Enhancing cyber security practices and managing security initiatives in a dynamic, hybrid cloud environment.
About the role
- Product Security Manager at Drivemode leading product security program and embedding secure practices. Collaborating cross-functionally to ensure secure product lifecycle.
Responsibilities
- Define and maintain product security policies, secure development lifecycle, and product security controls.
- Identify, assess, and prioritize product security risks.
- Lead TARA/threat modeling, vulnerability management, SBOM/OSS controls, and secure development practices.
- Support PSIRT activities by ensuring appropriate triage, remediation, and engineering response from Drivemode teams.
- Define and implement controls to meet and demonstrate compliance with ISO/SAE 21434, UN R155/R156, and internal governance and security requirements.
- Deliver regular security posture reports, KPIs, and maintain training for engineering security champions.
- Define and execute product security strategy and roadmap; set policy, risk appetite, and release acceptance criteria.
- Embed secure-by-design practices across engineering: lead TARA/threat modeling, security design reviews, and security gates (CI/CD first).
- Own SBOM/OSS controls and supplier security requirements; ensure evidence for audits and acceptance.
- Run the product vulnerability program and coordinate remediation and evidence handover to other departments; support internal triage and verification.
- Define patch/update policy and oversee secure update delivery for releases and OTA where applicable.
- Report product security posture and KPIs to leadership; run the security champions and training strategy to up-skill engineering teams.
Requirements
- 7+ years in security roles with more than three years in management/lead capacity.
- Proven experience leading product security programs, TARA/threat modeling ownership, SBOM/OSS management, and vulnerability triage coordination.
- Experience with security and compliance audits.
- Strong stakeholder skills and demonstrated ability to embed security practices into agile product teams.
- Ability to collaborate effectively in English.
Benefits
- Competitive compensation
- Excellent benefits
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Location requirements
Security Officer ensuring safety and security of Yankee Candle assets and personnel. Responsiblities include monitoring, patrols, incident response, and safety training at the corporate campus.
Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within BFSI context.
Cloud Security & Application Security Engineer at Cellulant enhancing security across cloud - native platforms and applications. Working in a hybrid role to support a leading payment service provider in Africa.
IT Audit Consultant joining Baker Tilly to manage technology risks for clients, offering strategic advice and audit support. Engaging with client executives to ensure compliance and operational efficacy.
Senior Health and Safety Advisor overseeing health and safety on construction projects for Aecon. Ensuring compliance with SST legislation and promoting zero accident culture.
Senior Information Security Specialist executing Daikin Europe’s Information Security strategy. Collaborating with leadership to ensure our systems and services remain secure and compliant with regulations.
Experienced Information Security Officer at Daikin responsible for defining Information Security strategy and ensuring compliance with regulatory frameworks. Collaborating with external specialists and mentoring junior team members in EMEA.
Security Specialist ensuring the protection of company and government assets. Conducting daily security functions and providing technical support while maintaining compliance with regulations.
Industrial Security Specialist conducting daily security functions and providing technical support within Booz Allen. Focused on protecting company and government assets while handling classified materials.