Director, Cyber Product Security

SailPoint•Austin, TX

10d•Remote

About The Position

Overview SailPoint’s Cybersecurity organization is seeking a leader with a passion for cybersecurity and protecting the organization. The successful candidate will serve as our Director of Cyber Product Security and will lead a team of security engineers who collaborate with stakeholders across the organization. Their mission is to secure technology platforms developed by SailPoint, including customer-facing platforms, as well as software platforms developed primarily for internal business purposes. We’re seeking a leader with proven technical capabilities and experience leading people and teams. They are accustomed to achieving objectives through the leadership of others as well as working in a highly collaborative environment. The Director will be responsible for addressing all dimensions of product cyber security – people, process, and technology – to achieve our objectives. The new Director of Product Security will lead an existing and capable team of both emerging and established talent. The chosen candidate will help shape our strategy and future in collaboration with the rest of the Cyber leadership team, and will also collaborate with SailPoint’s Engineering Security team, Information Technology, Marketing and other internal stakeholders. Central to SailPoint’s product security program will be the implementation of a shared security model that impacts all software developed by SailPoint. Under this shared security model, the Product Security team is responsible for multiple key areas affecting product security, collaborating with the Engineering Security team on areas of mutual responsibility, as well as providing specific security services related to product security. The Director will have the opportunity to shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities. They’ll already be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders, drive the continuous improvements of our security program, contribute meaningfully to the security of the global cyber ecosystem, and serve as an ambassador for SailPoint to our customers and the public. This role reports directly to the Deputy CISO and can be remote or based in Austin, TX.

Requirements

7+ years in leadership roles, preferably in product or application security.
Experience with secure software development practices and tools.
Experience with regulatory frameworks (e.g., NIST, ISO 27001, GDPR).
Strategic Vision & Execution - Ability to define and communicate a clear vision for product security and resilience aligned with enterprise goals.
Influence & Collaboration – Demonstrable experience building strong partnerships across an organization to drive secure-by-design culture.
Technical Leadership - Understanding of product security issues, modern software development including multi-cloud architectures, Kubernetes, and software bill of materials (SBOM).
Manage entire lifecycle of security researcher findings, customer reported security questions, issues, incidents, associated CVE’s.
Change Management – Experience leading organizational change initiatives to embed security and resilience into product development lifecycles.
Experience building relationships with software engineering teams, including managing mature product security including final security reviews, and, risk-driven product scoring/metrics.
Talent Development - Demonstrable experience building high-performing teams through coaching, mentoring, and career development.
Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.
Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to non-technical stakeholders and executive leadership.

Nice To Haves

Knowledge of artificial intelligence software security frameworks is preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework.

Responsibilities

Develop and lead the Cyber Product Security team in alignment with business goals and regulatory requirements.
Build and mentor a high-performing team of cyber product security architects, engineers, and software security specialists.
Lead Cyber Product Security’s collaboration with Engineering Security on the establishment and maturation of product security standards, secret management standards, architecture patterns and threat modeling practices, as well as resilient product technology frameworks.
Collaborate with Engineering Security to integrate security tooling and practices into SailPoint’s SDLC and CI/CD pipelines, including the adoption of security automation, SBOM tooling, and AI coding security practices.
Provide SAST/SCA, DAST, IAST, and SBOM support for software platforms developed for internal SailPoint use cases.
Provide threat modeling, penetration testing services for software platforms developed for internal SailPoint use cases.
Collaborate with Engineering Security on penetration testing of SailPoint’s customer-facing platforms, as well as coordinate all requests for customer-performed penetration tests of SailPoint’s platform.
Lead Product Security Incident Response Team (PSIRT) activities across all software products developed by SailPoint, including customer-facing, as well as internally-focused software platforms.
Lead SailPoint’s bug bounty program, requests for CVE’s for SailPoint’s products, as well as questions from 3rd party vendors and customers on product security issues.
Collaborate with Engineering Security to implement developer security training on topics including secure coding practices, open source licensing policies, and AI-coding policies and standards.
Develop a program to validate that product security policies, standards, and procedures are implemented by all SailPoint teams developing SailPoint software platforms.
Monitor emerging threats, technologies, and compliance trends to proactively evolve the security posture of all software developed by SailPoint.
Collaborate with SailPoint’s Legal, Compliance, and GRC teams to ensure alignment with global regulations, standards and certifications.
Define and track KPIs to measure program effectiveness and maturity.

Benefits

Health and wellness coverage: Medical, dental, and vision insurance
Disability coverage: Short-term and long-term disability
Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
Additional life coverage options: Supplemental life insurance for employees, spouses, and children
Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
Financial security: 401(k) Savings and Investment Plan with company matching
Time off benefits: Flexible vacation policy
Holidays: 8 paid holidays annually
Sick leave
Parental support: Paid parental leave
Employee Assistance Program (EAP) and Care Counselors
Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
Health Savings Account (HSA) with employer contribution