Director of Product Security Governance & Compliance

Keysight Technologies, Inc., Phoenix, AZ

About The Position

Keysight is seeking a Director of Product Security Governance & Compliance to lead the strategy, execution, and continuous improvement of its global product security governance framework. This role will oversee a portfolio of cloud software, enterprise platforms, and embedded/hardware products. The Director will be responsible for defining policy, interpreting regulatory requirements (with a focus on the EU Cyber Resilience Act and other global regulations), and operationalizing scalable compliance across diverse product architectures and lifecycles. This leadership position requires managing a team of managers and collaborating with engineering, firmware, hardware, legal, and go-to-market organizations to ensure consistent, auditable, and business-aligned outcomes.

Requirements

  • 10+ years in product security, cybersecurity governance, or compliance within software and/or hardware technology companies.
  • 5+ years of leadership experience, including managing managers.
  • Demonstrated experience building governance frameworks across both software and embedded/hardware product environments.
  • Strong working knowledge of EU Cyber Resilience Act (CRA) and related frameworks (e.g., NIS2, ISO/IEC 27001, IEC 62443, ETSI EN 303 645).
  • Experience translating regulatory and standards requirements into engineering controls and operational processes.
  • Proven track record partnering with engineering, firmware, hardware, legal, and go-to-market teams.
  • Strong executive communication skills with experience presenting to senior leadership.
  • Deep program management experience leading large-scale, cross-functional initiatives.

Nice To Haves

  • Experience in a Fortune 500 or similarly complex multinational organization.
  • Background in connected devices, IoT, or industrial systems.
  • Familiarity with SBOM generation/management, vulnerability management platforms, and secure build pipelines.
  • Experience supporting regulatory audits and product certifications (e.g., CE marking, FIPS, Common Criteria).
  • Relevant certifications (e.g., CISSP, CISM, CRISC).

Responsibilities

  • Define and maintain a unified product security policy framework spanning cloud software, on-prem platforms, firmware, and hardware devices.
  • Establish control objectives and standards aligned to secure SDLC, secure firmware development, hardware root of trust, SBOM, vulnerability management, and product lifecycle security.
  • Ensure policies are embedded into engineering systems (CI/CD, PLM, release gates) and are measurable and enforceable.
  • Act as the internal authority on EU Cyber Resilience Act (CRA), including applicability to software, firmware, and connected devices.
  • Interpret and decompose regulatory requirements into actionable engineering, manufacturing, and support controls.
  • Lead enterprise-wide CRA readiness, including gap assessments, remediation programs, and technical documentation requirements (e.g., conformity assessments, CE marking support).
  • Monitor evolving global regulations (e.g., NIS2, RED Delegated Act, U.S. EO 14028 implications) and adapt governance strategy accordingly.
  • Build and scale a global product compliance program covering both software delivery pipelines and hardware manufacturing lifecycles.
  • Define KPIs/KRIs and maturity models; implement dashboards for executive visibility.
  • Oversee internal/external audits, regulatory inquiries, and evidence management across engineering and manufacturing systems.
  • Ensure traceability from policy → control → implementation → evidence (including SBOM, VEX, and vulnerability disclosure processes).
  • Lead a team of managers across governance, risk, and compliance domains.
  • Establish operating models that scale across business units and geographies.
  • Drive talent development, succession planning, and organizational maturity.
  • Integrate controls into SDLC, toolchains, and design processes with Engineering (software, firmware, hardware).
  • Align security requirements with product roadmaps and customer commitments with Product Management.
  • Align regulatory interpretation, risk posture, and disclosures with Legal & Compliance.
  • Support customer assurance, RFPs, and contractual obligations with Sales & Customer Success.
  • Align vulnerability intake, disclosure, and remediation SLAs with Support & PSIRT.
  • Ensure component-level security, supplier requirements, and product integrity with Manufacturing & Supply Chain.
  • Lead complex, multi-year regulatory and compliance programs with global scope.
  • Drive prioritization, risk management, and dependency resolution across a matrixed organization.
  • Deliver clear executive reporting on posture, risks, and remediation progress.

Benefits

  • Medical, dental and vision
  • Health Savings Account
  • Health Care and Dependent Care Flexible Spending Accounts
  • Life, Accident, Disability insurance
  • Business Travel Accident and Business Travel Health
  • 401(k) Plan
  • Flexible Time Off, Paid Holidays
  • Paid Family Leave
  • Discounts, Perks
  • Tuition Reimbursement
  • Adoption Assistance
  • ESPP (Employee Stock Purchase Plan)