- Company Name: SailPoint
- Job Title: Director, Cyber Product Security
- Job Description:
**Job Title:** Director, Cyber Product Security
**Role Summary:**
Leads and expands a multidisciplinary cyber product security team to protect all SailPoint software platforms (customer‑facing and internal). Drives strategy, processes, and technology for product security, collaborates with engineering, IT, legal, and compliance, and serves as the primary security ambassador for customers and the public. Reports to the Deputy CISO.
**Expectations:**
- Build and mentor a high‑performing team of security architects, engineers, and specialists.
- Align security initiatives with business objectives, regulatory requirements, and global compliance standards.
- Establish and mature shared security models, standards, and tooling across the software development lifecycle (SDLC).
- Lead incident response, bug bounty, and vulnerability management programs.
- Define, track, and report KPIs to demonstrate program effectiveness and maturity.
**Key Responsibilities:**
1. Develop and execute the cyber product security strategy and roadmap.
2. Recruit, coach, and retain security talent; foster a culture of innovation and integrity.
3. Partner with Engineering Security to define product security standards, secret‑management policies, architecture patterns, and threat‑modeling practices.
4. Integrate security automation, SBOM generation, and AI‑coding safeguards into CI/CD pipelines.
5. Provide SAST, SCA, DAST, IAST, and SBOM support for internal software platforms.
6. Conduct threat modeling and penetration testing for internal and customer‑facing products; coordinate external pen‑test requests.
7. Lead the Product Security Incident Response Team (PSIRT) for all SailPoint software.
8. Manage the bug bounty program, CVE requests, and third‑party security inquiries.
9. Deliver developer security training on secure coding, open‑source licensing, and AI‑coding policies.
10. Validate implementation of security policies and standards across development teams.
11. Monitor emerging threats, technologies, and compliance trends; proactively evolve security posture.
12. Collaborate with Legal, Compliance, and GRC to ensure alignment with global regulations and certifications.
13. Define, monitor, and report KPIs for security program maturity.
**Required Skills:**
- 7+ years of leadership experience in product or application security (preferably in SaaS environments).
- Deep expertise in secure SDLC, CI/CD security tooling, SAST/SCA/DAST/IAST, SBOM, and secret‑management.
- Strong knowledge of threat modeling, penetration testing, vulnerability management, and incident response (PSIRT).
- Proven ability to develop and enforce security standards, policies, and governance frameworks.
- Experience with bug bounty programs, CVE handling, and third‑party security coordination.
- Excellent collaboration and communication skills with engineering, legal, compliance, and executive stakeholders.
- Data‑driven mindset; ability to define and track security KPIs.
- Familiarity with regulatory frameworks (e.g., GDPR, SOC 2, ISO 27001) and industry standards.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related field (required).
- Master’s degree or MBA preferred.
- Relevant certifications such as CISSP, CISM, CSSLP, GSEC, or equivalent (highly desirable).