Cybersecurity Metrics and Reporting Lead overseeing development of security metrics and dashboards. Collaborating with teams to improve cybersecurity program effectiveness and compliance tracking.
About the role
- Director of Product and Application Security at SailPoint overseeing security strategy and team management. Leading integration of security in product development for SaaS, on-prem, and AI products.
Responsibilities
- Develop and lead the enterprise-wide product security and resilience strategy, aligning with business goals and regulatory requirements.
- Partner with Dev/Ops, engineering, product management, and infrastructure teams to integrate security into SDLC, DevSecOps, and CI/CD pipelines.
- Establish and oversee secure architecture patterns, threat modeling practices, and resilience engineering frameworks.
- Drive adoption of security automation, vulnerability management, and secure coding standards across product teams.
- Build and mentor a high-performing team of product security architects, engineers, and software security specialists.
- Monitor emerging threats, technologies, and compliance trends to proactively evolve the security posture.
- Collaborate with legal, compliance, and risk teams to ensure alignment with global standards and certifications.
- Define and track KPIs to measure program effectiveness and maturity.
Requirements
- 7+ years in leadership roles, preferably in product or application security.
- Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, are beneficial.
- Experience with secure software development practices and tools.
- Experience and knowledge of artificial intelligence software security, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework.
- Experience with regulatory frameworks (e.g., NIST, ISO 27001, GDPR).
- Strategic Vision & Execution - Ability to define and communicate a clear vision for product security and resilience aligned with enterprise goals.
- Influence & Collaboration – Demonstrable experience building strong partnerships across an organization to drive secure-by-design culture.
- Technical Leadership - Deep understanding of product security issues (like XXE, SSRF, Injections, etc.), modern software development (fully automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures, particularly Amazon Web Services, Kubernetes, and software bill of materials (SBOM).
- Manage entire lifecycle of security researcher findings, customer reported security questions, issues, incidents, associated CVE’s.
- Change Management – Experience leading organizational change initiatives to embed security and resilience into product development lifecycles.
- Experience building relationships with software engineering teams, including managing mature product security including final security reviews, and, risk-driven product scoring/metrics.
- Talent Development - Demonstrable experience building high-performing teams through coaching, mentoring, and career development.
- Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.
- Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to non-technical stakeholders and executive leadership.
Benefits
- Health and wellness coverage: Medical, dental, and vision insurance
- Disability coverage: Short-term and long-term disability
- Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
- Additional life coverage options: Supplemental life insurance for employees, spouses, and children
- Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
- Financial security: 401(k) Savings and Investment Plan with company matching
- Time off benefits: Flexible vacation policy
- Holidays: 8 paid holidays annually
- Sick leave
- Parental support: Paid parental leave
- Employee Assistance Program (EAP) and Care Counselors
- Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
- Health Savings Account (HSA) with employer contribution
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Senior Developer in Defensive Security for Clio, a leader in legal AI technology. Join a team to proactively tackle application security vulnerabilities and enhance security practices.
Intern role in emerging network systems at KBR Mission Technical Solutions. Focused on network interconnection problems and quality of service metrics in a collaborative environment.
Director of Product Security leading cybersecurity initiatives for medical devices at LivaNova. Ensuring patient safety and compliance with regulatory demands across product lifecycle.
Security Engineer driving modernization and improvements in KPMG's cybersecurity services. Engaging in technology evaluation, process innovation, and stakeholder communication.
Identity and Access Security Analyst at HII’s Newport News Shipbuilding focusing on SAP Security skills. Designing secure operating systems and conducting security assessments.
Senior Security Specialist ensuring compliance and security measures at Disney. Supporting audit processes and collaborating on risk assessments to enhance cybersecurity.
Risk Analyst supporting Keyloop’s Security Governance by managing information security risks. Identifying and monitoring risks while ensuring compliance with regulatory standards.
Cloud Security Engineer responsible for designing and implementing security controls for cloud environments at Keyloop. Ensuring secure adoption and compliance while working with platform and engineering teams.
IT Infrastructure & Security Engineer managing and developing network and server infrastructure at L - mobile. Collaborating on security measures and supporting internal audits in a hybrid role.