Role Overview
- Define and drive Product Security strategy focusing on security assurance, risk reduction, AI innovation, and maintaining security posture.
- Lead and scale security teams and programs as a strategic partner to CISO and executive leadership.
Strategic Leadership & Security as a Business
- Define and evolve long-term Product Security strategy aligned with business goals.
- Own creation and execution of Product Security roadmap including security features, SDLC enhancements, and risk reduction milestones.
- Manage Product Security budget including forecasting and vendor contracts.
- Define, track, and report KPIs and security metrics providing data-driven insights to leadership.
- Conduct impact analysis and translate security risks into business risk terms.
People & Program Leadership
- Lead and mentor Security Engineers and Analysts providing career development and feedback.
- Define and execute goals focusing on secure AI development globally.
- Engage in the security industry as a thought leader through talks, publications, and forums.
Cloud Security (CloudSec) and Infrastructure
- Define security architecture and strategy for cloud environments (GCP, AWS, Azure).
- Lead implementation of security controls for containerized applications focusing on Kubernetes clusters.
- Implement security guardrails for Infrastructure as Code like Terraform.
Application Security (AppSec) & Secure SDLC
- Partner with Engineering and Product leadership to embed security processes into SDLC.
- Develop and oversee secure coding practices, architecture reviews, and code analysis.
- Direct vulnerability management and penetration testing programs ensuring prioritized remediation.
Data Security, AI/ML Model Security, & Cryptography
- Lead data security program focusing on protection, encryption, and access controls for sensitive patient data.
- Establish security engineering practices for AI/ML models including model integrity and adversarial attack prevention.
Requirements
- 10+ years progressive security experience including senior leadership of security teams and programs.
- Experience managing security as a business unit with budget and strategic forecasting.
- Engineering proficiency in one or more general-purpose programming languages; Python and NextJS a plus.
- Deep expertise securing major cloud platforms and knowledge of modern cloud security tools.
- Mandatory expertise securing Kubernetes and container orchestration technologies.
- Proven experience securing enterprise SaaS and cloud products handling PHI with knowledge of relevant security regulations and frameworks.
- Exceptional communication and presentation skills to convey complex security issues to technical and non-technical audiences.