Head of Product Security

Perforce develops DevOps tools that improve software quality and security as well as team productivity for several of the world’s leading companies, such as PIXAR, CD Projekt Red, NASA, Verizon, Honda, NVIDIA.

Position Summary:

As the Head of Product Security, you will play a pivotal role in defining and implementing security policies and standards across our software development processes. This role will demand a hands-on approach to cultivate a culture of security within our software development and product teams, focusing on secure development, DevSecOps practices, and shift-left security principles.

Responsibilities:

• Define and implement a product security strategy aligned with company’s business objectives.
• Collaborate with product and engineering teams to integrate security controls at every stage of the software development life cycle.
• Foster a culture of security awareness, including the education and training of developers on secure coding practices.
• Drive the adoption of automated security tools and processes to enable shift-left security practices.
• Work with various stakeholders to build and maintain a product security roadmap.
• Conduct regular risk assessments and audits to ensure compliance with internal and external security standards.
• Participate in incident response and post-mortem activities, ensuring that lessons learned are incorporated into product development practices.
• Communicate effectively with teams, management, and clients about security concerns and best practices.
• Assist in the management of third-party risks by overseeing vulnerability assessments and ensuring effective remediation.
• Monitor advancements in information security technologies and programmatically incorporate them into the internal environment.

Requirements:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field. Advanced degree is preferred. (or equivalent experience)
• Proven experience in a senior product security role, preferably in a SaaS or traditional software development environment.
• Strong knowledge of security architectures, vulnerability management, encryption, access control, and secure coding practices.
• Experience with DevSecOps and shift-left security principles, including the implementation of automated security tools.
• Certifications like CISSP, CISM, or CSSLP are highly desirable.
• Exceptional understanding of the latest security principles, techniques, and protocols.
• Strong leadership and team management skills, with the ability to inspire and motivate a team.
• Exceptional communication and interpersonal skills, with a proven ability to explain complex security concepts to both technical and non-technical stakeholders.
• Experience with compliance frameworks like ISO 27001, SOC 2, or GDPR.
• Proficiency in cloud environments like AWS, Azure, or Google Cloud Platform.