Senior Director, Product Security

Information TechnologyRemote, United States


We are Progress (Nasdaq: PRGS) - the trusted provider of software that enables our customers to develop, deploy and manage responsible, AI-powered applications and experiences with agility and ease.  
We’re proud to have a diverse, global team where we value the individual and enrich our culture by considering varied perspectives because we believe people power progress. Join us as a Senior Director, Product Security, working out of your home office in the United States and help us do what we do best: propelling business forward.   Due to team location, we can only consider those in EST or CST zone.
 
The Senior Director, Product Security builds strong and strategic relationships with product stakeholders across business lines, driving a secure-by-design and security-first mission to ensure products are less vulnerable and incorporating end-to-end secure product delivery into teams to support the organization’s overall security strategy.
 
This Senior Director reports to the CISO and leads a team of product security engineers that aligns with the business strategy and delivers cybersecurity expertise. This highly visible role also serves as one of the key representatives and leaders for the security team across the enterprise. The Senior Director provides a holistic focus across infrastructure, application security, vulnerability management and third-party partnerships and dependencies. Across collaborative teams, the Senior Director defines, documents, maintains, and enforces the practices and policies that are the pillars of a formidable product cybersecurity program. The Senior director works in lockstep with product management and engineers, IT and risk management leadership and is united in a common goal of building functional, reliable and secure products.
 
The Senior Director possesses deep technical skills and business acumen, understands how attackers think and their motives, and is an expert at managing risks in support of the company’s strategic objectives. The individual is self-driven, with an excellent ability to partner, execute, and lead through influence. 
 

In this role, you will: 

  • Define a clear vision and strategy for product security, together with product management, sales, and security teams, to drive the importance of product security in reducing risks and providing a competitive advantage. 
  • Develop a short- and long-term security design roadmap to improve services, processes and agility. 
  • Define, build, and scale product security capabilities. Develop a clear roadmap to outline all capabilities required product security targets and develop budgetary models between enterprise security and application security.
  • Enforce governance over product security, which include security standards and implementation configurations, common security frameworks, cybersecurity principles to meet compliance, privacy laws and regulatory requirements. Define key performance and risk indicators to enhance transparency and tracking of development over time.
  • Be a thought leader and provide direction with security practices and methodologies in product security – driving automation, best practices, and cost efficiencies.
  • Develop and build a team of product security engineers to serve as the Center of Excellence around application security and work side by side with the product teams.
  • Ability to foster a high performing team that can scale with the needs of the business, including attract and retain high-performing cybersecurity professionals on premises and in virtual working arrangements, grow and develop team members’ skillsets to keep pace with product iterations and ensure they are secure, and be accountable for team performance alongside empowering teams to deliver on strategic objectives effectively without micromanaging.
  • Establish and implement a formalized Security Champion program and communication channels to drive a unified security voice and transparency across the enterprise.
  • Promote a positive security culture focused on collaboration and creating strong relationships and trusted partnerships with product leadership and security champions across the portfolio of products aimed at improving product security practices and reducing cost.
  • Adopt cybersecurity SDLC frameworks such as OWASP SAMM and SLSA, define/maintain policies and standards, and enforce them across all teams.
  • Assess products for weaknesses and recommend ways to resolve them before they are exploited.
  • Offer hands-on security and design support as needed across the product ecosystem.
  • Serve as a central point of contact for product cybersecurity requirements, initiatives and escalations.
  • Attend and participate in product meetings for security requirements with new and existing products
  • Be accountable to keep product security initiatives within annual approved budgets.
  • Proactively communicate security findings and recommend changes to the product ecosystem designed to mitigate security issues.
  • Drive strategic initiatives and/or discrete projects on behalf of the CISO through communication and dashboards
  • Perform other duties as assigned.

Your background:

  • Bachelor’s Degree or equivalent from a college or university Information Technology, Information Security/Assurance, Engineering or similar area of study; demonstrated or proven experience and/or training; or equivalent combination of education and experience preferred.
  • Preferably 5-plus years in a manager, director or similar leadership role in cybersecurity or app security with proven experience leading high-performing teams.
  • Demonstrated technical prowess, well-versed with application security tools, public cloud providers, CI/CD platforms and container services.
  • Proficient in application security, APIs, vulnerability management, threat modeling and risk management.
  • Ability to support and assist with source code reviews: C/C++, Java,.NET- modern languages a plus.
  • Successful track record of hiring and retaining cybersecurity professionals and multi-team collaboration.
  • Experience managing an annual cybersecurity budget with expenses for internally developed, commercial and third-party tools.
  • Exemplary leadership skills with experience guiding teams to prioritize and capture goals and objectives, grooming next leaders, and scaling the team for to meet business needs.
  • Innate ability to forge relationships, influence and negotiation across a breadth of cross-functional teams and stakeholders of all levels in the organization, including executives. 
  • Superb communication and marketing skills to effectively influence Security both internally and externally.
  • Proven ability to make decisions and perform complex problem-solving activities under pressure. 
  • Passion of staying up-to-date on the latest industry trends and news and the ability to leverage insights to drive strategic decisions and adoptions.
  • Exceptional ability and previous experience measuring and reporting business value and risks in a clear concise manner for varying degrees of technical audiences
  • Experience in driving change management and/or delivering employee training and awareness initiatives
  • Experience working and delivering product or services in an agile/lean environment 
  • Self-motivated, creative, and works well in areas of ambiguity

If this sounds like you and fits your experience and career goals, we’d be happy to chat.   What we offer in return is the opportunity to experience a great company culture with wonderful colleagues to learn from and collaborate with and also to enjoy:  

  • Medical, dental, vision, life & disability, and financial benefits (including 401(k) retirement savings plan. Tuition Reimbursement program. Additional voluntary benefits including crucial illness/hospital indemnity, identity theft protection, auto & home insurance, legal, and pet insurance. 
  • Competitive salary, bonus, and best-in-class Employee Stock Purchase Program (ESPP) with a 27-month lookback
  • Flexible paid vacation time, paid day off for your birthday, and company holidays. A variety of leave plans, including Parental Leave.
  • Employee Assistance Program (EAP) and an employee well-being program focusing on physical, mental, and financial health. 
Apply Now!
 
#LI-remote
#LI-SC1

Together, We Make Progress

Progress is an inclusive workplace where opportunities to succeed are available to everyone. As a multicultural company serving a global community, we encourage a wide range of points of view and celebrate our diverse backgrounds. Our unique combination of perspectives inspires innovation, connects us to our customers and positively affects our communities. It is only by working together and learning from each other that we make Progress. Join us!