Director Product Security

Datasite is where deals are made. We provide the data rooms and SaaS technology used in M&A and other high-value transactions, to deliver projects in more than 170 countries. Carrying that success into the future is all about you. Your useful skills, your unusual experience, your unique ideas. Everyone here brings something unexpected. What’s yours? Invest your talents in us, and we’ll return the compliment.

Job Description:

The Director Product Security provides leadership and influences cybersecurity strategy across the product portfolio. The Director is responsible for helping secure Datasite products end to end, on time, and within budget. Reporting to the Chief Information Security Officer but embedded in the Datasite Product Organization, the Director works closely with software development, product owners, and engineering. The Director provides a holistic focus across infrastructure, application security, vulnerability management and third-party partnerships and dependencies. Additionally, the director instills a secure-by-design and security-first mission to ensure Datasite products are less vulnerable. The director works in lockstep with Security and Technology leadership and is united in a common goal of building functional, reliable, and secure products.

The Director Product Security has a highly visible role interfacing across multiple organizational units and business concerns. The individual constantly assesses products for weaknesses and recommends ways to resolve them before they are exploited. When security findings are discovered, the director proactively communicates with technical and business leadership teams to ensure a focus on risk mitigation. Successful candidates in this role possess product development knowledge, technical skills, and business acumen. Individual must be able to effectively communicate complex topics. The Director understands how attackers think and their motives, while understanding corporate business objectives.

Duties and Responsibilities:

• Lead team of product engineers with product and application security reviews.
• Provide leadership and direction with security practices and methodologies in product security.
• Elevate team performance to keep pace with product iterations and ensure they are secure.
• Offer hands-on security and design support as needed across the product ecosystem.
• Develop a short- and long-term security design roadmap to improve processes and agility.
• Remove friction from complex manual processes through automation and outsourcing.
• Promote a positive security culture focused on collaboration and creating strong relationships.
• Adopt cybersecurity development frameworks, define/maintain policies and standards, and enforce them across all teams.
• Attend and participate in product meetings for security requirements with new and existing products.
• Develop partnerships aimed at improving product security practices and reducing cost.
• Serve as a central point of contact for product cybersecurity requirements, initiatives, and escalations.
• Participates in Datasite’s Privacy Information Management System (PIMS) committee.
• Enforce security standards and implementation configurations, as well as common security frameworks.
• Collaborate with security, IT, and product leadership across a suite of product features and capabilities.
• Communicate and recommend changes to the product ecosystem designed to mitigate security issues.
• Uphold product cybersecurity principles to meet compliance, privacy laws, and regulatory requirements.
• Perform other duties as assigned.

Qualifications:

• Preferably 2-plus years in a team lead, manager or similar leadership role in cybersecurity or application security.
• Understanding of OWASP, CVSS, the MITRE ATT&CK framework
• Experience with the software development lifecycle (SLDC) and product development lifecycle and process
• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation.
• Demonstrated technical prowess, along with proven experience leading high-performing cybersecurity or development teams.
• Proficient in application security, secure coding, APIs (Application Programming Interface), vulnerability management, threat modeling and risk management.
• Well-versed with application security tools, public cloud providers, CI/CD platforms, and container services.
• Experience managing internally developed, commercial, and third-party tools.
• Exemplary communication and leadership skills.

Education:

• Bachelor’s degree preferred in computer science, information assurance, engineering, or related field. Graduate business school degree highly desired.

Experience:

• 5-plus years with a combination of one or more in cybersecurity, application security or engineering.
• Desirable, one or more certifications (GWAPT, GWEB, GCSA, CISSP, CSSLP, CISM, CRISC.)

The base salary range represents the estimated low and high end for this position at the time of this posting. Consistent with applicable law, each candidate’s compensation offer may vary and will be determined based on but not limited to, your geographic region, skills, qualifications, and experience along with the requirements of the position.  Datasite reserves the right to modify this pay range at any time.

Salary Range - $124,290 - $215,600

As a global organization, Datasite knows that diverse perspectives are essential to our success. We’re committed to maintaining a diverse workforce to serve our customers around the world. Datasite is an equal opportunity employer (EEO) and furthers the principles of EEO through Affirmative Action.