Sr. Manager, Product Security

Portland / PleasantonDivisions – Information Security /Full-Time /HybridSummaryThe Manager, Product Security leads a team dedicated to embedding security within products. This role involves partnering with the Product Owner, Technical Product Owner, and Engineering Lead to advocate for and influence security measures within product development. The primary objective is to ensure that products are secure by design and compliant with security standards and regulations.How will you contribute?Risk Management:Conduct comprehensive threat modelling to identify potential threats and vulnerabilities.Perform detailed risk assessments to evaluate the impact and likelihood of risks.Security by Design:Develop and implement secure design principles and practices.Ensure secure coding practices are followed by the development teams.Vulnerability Management:Lead regular security testing, including static and dynamic analysis and penetration testing.Evaluate and prioritize vulnerability fixes based on risk and impact.Identify and eliminate false positives to streamline remediation efforts.Compliance and Regulatory Adherence:Ensure products comply with relevant security standards and regulations.Maintain and update documentation and evidence of compliance.Support internal and external audit processes for the product.Incident Response:Develop and maintain product-specific incident response plans.Provide expert knowledge and support to the SOC (Security Operations Center) for effective incident management.Continuous Improvement:Stay updated with the latest security threats, technologies, and best practices.Continuously improve security practices and processes within the product development lifecycleWhat will you bring?Education: A degree in Computer Science, Cybersecurity, Information Technology, or a related field.Certifications: Relevant cybersecurity certifications such as CISSP, CISM, CEH, or equivalent preferred.Experience in Cybersecurity: 10-15 years of experience in cybersecurity or related fields.Product Security Experience: At least 5 years of specific experience in product security, ideally in FinTech related roles.Leadership: Proven leadership skills with a minimum of 3-5 years in a managerial role, overseeing cybersecurity teams or projects.Technical Skills:In-depth knowledge of cybersecurity principles, secure coding, vulnerability management and risk assessment.Proficiency in modern cloud technologies (AWS, Azure, GCP), containerization (Docker), and orchestration (Kubernetes).Strong understanding of serverless computing, API security, OS hardening, SDLC and network security.Analytical Skills: Strong ability to analyze and mitigate security risks and vulnerabilities.Collaboration: Effective collaboration skills to work with cross-functional teams.Continuous Learning: Commitment to staying updated with the latest security trends and technologies.$225,000 - $275,000 a yearThe above salary range represents Smarsh's good faith and reasonable estimate of the range of possible base compensation at the time of posting. Any applicable bonus programs will be discussed during the recruiting process. The salary for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, location, specialty and training. Local cost of living assessments are done for each new hire at the time of offer.