Product Security Risk Management Consultant

As a Director of Product Security Risk Management & Compliance for Dematic you will be critical to the advancement of security throughout the company, enabling the success and growth of the business in an environment of increasing demands for comprehensive and robust product security. Under the Vice President of Global Product Security, you will be responsible for the implementation of a comprehensive product security risk management strategy that identifies, quantifies, and effectively manages risk, while enabling the business through flexible and efficient risk mitigation/reduction mechanisms. You will closely collaborate with technology, product, and organizational leadership to define Dematic’s risk management framework, while overseeing compliance with all relevant regulatory requirements. You will provide best-in-class guidance and vision, while passionately pursuing personal and organizational excellence in the field of risk management. As an invaluable member of a highly collaborative organization that is dedicated to serving with the utmost in excellence and integrity, you will be ever growing in domain expertise and the skills necessary to equip our team to protect our organization, our customers, and our communities.

What we offer:

• Career Development
• Competitive Compensation and Benefits
• Pay Transparency
• Global Opportunities

Learn More Here: https://www.dematic.com/en-us/about/careers/what-we-offer

Dematic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

The base pay range for this role is estimated to be $161,625 - $225,000 at the time of posting. Final compensation will be determined by various factors such as work location, education, experience, knowledge, and skills.

Tasks and Qualifications:

What You Will do in This Role:

• Provide strategic and authoritatively informed product security risk management and compliance leadership to globally distributed product development, execution, sales, and support organizations across Dematic.
• Define, implement, and operationalize a comprehensive strategy that identifies, quantifies, and effectively manages product security risk, while enabling the business through flexible and efficient risk mitigation/reduction mechanisms.
• Collaborate with technology, product, and legal to define and establish a product security risk management framework that aligns with industry standards and meets all relevant regulatory requirements.
• Lead the initiative to obtain industry certifications, such as ISO 27001, enabling business growth in an environment that increasingly expects and demands security certification.
• Champion and lead all product security regulatory compliance initiatives across Dematic globally, including the EU Cyber Resilience Act (CRA).
• Lead assessment and audit activities across all Dematic business entities / sites.
• Maintain continuous engagement with product security compliance industry.
• Build and maintain high-trust, highly collaborative relationships with teams and individuals in product development, product management, corporate security and compliance, and across the organization in general.
• Engage with product management, customer sales/support, and other functions to further business development from a security perspective.
• Engage with customers directly as required by project leadership.
• Internationally and domestically travel as required to meet business objectives, up to 20%.

What We Are Looking For:

• 12+ years hands-on experience in diverse and demanding product development and business environments, providing leadership and technical guidance regarding security, privacy, and/or regulatory compliance, including at least 7 years in security compliance leadership.
• Extensive experience applying generally accepted risk management principles in cloud-based product / software development business environments that fully embrace a DevSecOps philosophy.
• Experience preparing and successfully leading large, global product development businesses through industry standard security certifications, preferably ISO/IEC 27001 or IEC 62443 certification.
• Deep practical knowledge of and experience working with security compliance regulations, especially those employed in the European Union and United States, including CRA, GDPR, NIS/NIS2, and IEC 62443.
• Highly capable of effectively building, leading, teaching, mentoring, and inspiring a globally distributed team of diverse, extraordinarily skilled engineers, analysts, and assessors.
• Expertise in public cloud security models, standard methodologies, and compliance frameworks/regulations.
• Expertise in the application of efficient zero trust security models to meet security and compliance requirements while providing the flexibility needed to enable the business to flourish.
• Outstanding project management skills, with the ability to lead initiatives across multiple teams.
• Proven ability to successfully lead in the face of complex risk environments.
• Strong ability to recognize the relative value of various contending risk mitigation strategies and make wise, business-conscious tradeoffs.
• Highly flexible and comfortable making decisions in environments with various degrees of uncertainty.
• Preference for and ability to thrive in highly collaborative work environments.
• Passionate and quick learner.
• Dedicated, highly motivated, enthusiastic and relentless pursuer of quality and successful outcomes that benefit the broader team, organization, and community.
• Resilient and ever optimistic in the face of challenges and significant obstacles.
• Open and direct communicator.
• Outstanding written and spoken communication skills.
• Proven ability to present persuasive arguments and complex information before technical and non-technical leadership, including executive leadership.
• Experience giving industry conference presentations a significant plus.
• Bachelor’s degree in business, finance, accounting, engineering, computer science or other relevant discipline. Graduate degree is a plus. Equivalent experience may be substituted.
• Industry recognized and highly respected relevant certifications are highly desirable