AI Product Security Manager

Thomson ReutersToronto, ON
CA$140,000 - CA$175,000Hybrid

About The Position

Thomson Reuters is seeking an AI Product Security Manager to lead their Product Security Core team. This role involves overseeing a group of senior engineers responsible for scaling security across the company's product portfolio. The manager will own the Secure Software Development Lifecycle (SSDLC) for products, encompassing threat modeling, security testing, software supply chain integrity, vulnerability identification and remediation, and secure design patterns. A key responsibility will be leading the Secure AI program for AI-powered features, including review, red-teaming, and production protection of AI capabilities. The position requires close collaboration with various engineering and security teams to ensure a seamless developer experience through self-service tools, automation, APIs, and AI-powered security capabilities. The role is based in Toronto with a hybrid work model.

Requirements

  • 8+ years of experience in product security, application security, or software security engineering, including experience leading or managing senior security engineers.
  • Demonstrated ownership of a Secure SDLC program across a multi-product engineering organization, including threat modeling, secure design, security testing, vulnerability management, and software supply chain security.
  • Hands-on experience with at least one major cloud platform, such as AWS, Azure, or Google Cloud, including identity, networking, secrets management, data protection, and logging.
  • Strong software engineering instincts, with the ability to read and write code in Python, Go, or similar languages and engage credibly with senior engineers on design and implementation.
  • Working knowledge of GenAI and LLM security, including prompt injection, model and data integrity, agent and tool-use security, and AI supply chain considerations.
  • Experience scaling security through developer-friendly tools, APIs, automation, self-service platforms, and CI/CD-native controls.
  • Excellent written and verbal communication skills, with the ability to influence senior engineering leaders and translate technical risk into business decisions.

Nice To Haves

  • Hands-on familiarity with Google Cloud security.
  • Experience securing AI/ML platforms, such as Claude Agent SDK, Vertex AI, SageMaker, Bedrock, Azure AI, or self-hosted environments.
  • Experience building or operating AI security capabilities, including AI red teaming, automated threat modeling, LLM security testing, or AI agents for security automation.
  • Knowledge of software supply chain security, including SBOM, SLSA, provenance, attestation, and workload identity.
  • Familiarity with industry frameworks such as OWASP ASVS/SAMM, NIST CSF and SSDF, OWASP LLM Top 10, and MITRE ATLAS.
  • Experience with security at scale across containers, Kubernetes, Infrastructure as Code such as Terraform or CDK, and modern CI/CD environments.
  • Relevant security certifications such as OSCP, OSWE, CKA/CKS, GCP Professional Cloud Security Engineer, or AWS Security Specialty.
  • Industry contributions such as open-source projects, conference talks, working group participation, including CoSAI or OWASP, or research publications.

Responsibilities

  • Lead and grow the Product Security team, managing, coaching, and developing a team of senior Product Security Engineers covering the full Secure SDLC across Thomson Reuters' product portfolio.
  • Own and execute the Product Security program, including threat modeling, secure design, secure code reviews, security testing, software supply chain security, and vulnerability remediation across multiple products and cloud platforms.
  • Lead Secure AI for products, defining how Thomson Reuters secures AI-powered customer features through Secure AI design reviews, AI red teaming, runtime protections, and actionable security patterns.
  • Build and operate security automation and AI-enabled capabilities, including automated threat modeling, AI remediation agents, LLM security testing, and MCP-based capabilities for engineering teams.
  • Scale security as a developer experience by delivering self-service security tooling, APIs, CI/CD-native controls, clear standards, implementation guidance, and security champion programs.
  • Operate a security data and analytics layer that supports risk-based prioritization and measurable security outcomes across the enterprise.
  • Partner across security, engineering, and the business to align priorities, support compliance requirements, and translate technical risk into business impact for senior leaders.

Benefits

  • Flexible vacation
  • Two company-wide Mental Health Days off
  • Access to the Headspace app
  • Retirement savings
  • Tuition reimbursement
  • Employee incentive programs
  • Resources for mental, physical, and financial wellbeing
  • Hybrid Work Model (2-3 days a week in the office)
  • Flex My Way policies for managing personal and professional responsibilities
  • Work from anywhere for up to 8 weeks per year
  • Grow My Way programming for career development
  • Two paid volunteer days off annually
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service