Product Security Manager II

Credit Acceptance is proud to be an award-winning company with local and national workplace recognition in multiple categories! Our world-class culture is shaped by dedicated Team Members who share a drive to succeed as professionals and together as a company. A great product, amazing people and our stable financial history have made us one of the largest used car finance companies nationally.

Our Engineering and Analytics Team Members utilize the latest technology to develop, monitor, and maintain complex practices that help optimize our success.  Our Team Members value being challenged, are encouraged to express their ideas, and have the flexibility to enjoy work life balance.  We build intrinsic value by partnering with all functions of our business to support their success and make strategic business decisions.  We focus on professional development and continuous improvement while enjoying a casual work environment and Great Place to Work culture!

Outcomes and Activities:

• This position will work from home; occasional planned travel to an assigned Southfield, Michigan office location may be required.  However, this position is permitted to work at a Southfield, Michigan office location if requested by the team member.
• Leads and mentors team members on product security including both application and platform security
• Integrates security testing and automation into “Golden Path”
• Collaborates with cloud engineers to ensure environment is designed and configured securely
• Reports vulnerabilities to Vulnerability Management team while working with developers and engineers to perform risk assessment and remediate
• Ensures Security Operations has appropriate telemetry needed to monitor for threats
• Documents attack surface and risks through SCA and SBOMs
• Leads security champion effort within development and platform engineering
• Provides security training to key engineering resources
• Identifies friction points and collaborates with Engineering team members to alleviate
• Participates in work planning processes to ensure the most important work is aligned to the appropriate team, that work is broken down enough that outcomes can be delivered incrementally
• Leads and mentors cross functional team members on securing world class products that deliver customer delight and business value
• Builds effective teams by ensuring you have the right people and setting clear expectations
• Monitors and evaluates team performance and continuously coach and mentor team members
• Sets up your team for operational success by having a sound understanding on the system ecosystem, architecture, technologies and system domains and how these are used to achieve business outcomes
• Is an active participant in on-call escalation and incident management

Competencies:

• Customer Empathy: Customer Empathy is the ability to understand the perspectives, pain points, and experiences of customers. It involves actively putting oneself in the customer’s shoes, comprehending their needs and challenges, and using that understanding to provide a better, more customer-centric experience.
• Engineering Excellence: Engineering Excellence is about bringing great craftsmanship and thought leadership to deliver an outstanding product that delights customers and solves for the business. This involves the pursuit and achievement of high standards, best practices, innovation, and superior solutions.
• One Team: A One Team mindset refers to a collaborative approach across the organization, where individuals work together seamlessly, without boundaries, as a single, cohesive team. Shared goals, open communication and mutual support create a sense of collective purpose. This enables teams to navigate challenges and pursue shared objectives more effectively.
• Owner’s Mindset: Owner’s Mindset involves adopting a set of behaviors that reflect a sense of responsibility, accountability, strategic thinking, and a proactive approach to managing your domain. As an owner, you understand the business and your domain(s) deeply and solve for the right outcome for the domain(s) and the business.

Requirements:

• Bachelor’s Degree or equivalent experience
• 10+ years of information security experience
• Minimum of 5 years’ experience leading product/application security teams
• Strong experience leveraging automation and integration
• Strong experience with scanning tools including SAST, DAST and IAST
• Experienced in Software Composition Analysis and creating SBOMs, securing cloud applications specifically in AWS, and cloud security strategies including posture management tools (CSPM, DSPM) and incident response
• Proven experience in technical leadership, capable of providing mentorship, cross-functional project execution, setting and executing on technical vision and strategy
• Experience in microservices design strategies and implementation including migration planning, service granularity, interservice communication, traceability, orchestration, and failure isolation
• Experience with cloud migrations and working in a mixed on-prem / cloud environment (container orchestration, security, serverless)

Preferred:

• Track record of identifying opportunities to improve outcomes via new tools and approaches, evaluating and measuring candidate solutions, and successfully advocating for their adoption
• Experience with RASP tools
• Experience in DevSecOps

Knowledge and Skills:

• Application Security: Ability to understand and implement controls throughout the application lifecycle from static scanning to run-time defense
• Cloud Security: Understanding of cloud environment, tech stack and inherent risks of cloud environment
• Thought leader with deep technical expertise with the proven ability to influence and partner with business to innovate and drive outcomes
• Ability to communicate complex technical information (both verbal and written) to all levels, including senior leadership
• Ability to solve problems at the source by offering simple, working solutions
• Ability to anticipate the impact of a change or project across multiple systems
• Responds promptly and effectively to resolve incidents, tasks, and projects
• Demonstrated ability and motivation to teach others
• Ability to gain trust of others and builds solid relationships across and vertically throughout the organization
• Effectively prioritize and execute tasks in a high-pressure environment

Target Compensation: A competitive base salary range from $180,000 $220,000.  This position is eligible for an annual variable bonus of cash and equity, between 15-30%. Final compensation within the range is influenced by many factors including role-specific skills, depth and experience level, industry background, relevant education and certifications. 

Candidates who reside in the following major metropolitan areas may be eligible for a premium on top of the posted range based on their specific zone: San Francisco, Seattle, Boston, New York City, Los Angeles and San Diego. 
 

INDENGLP

#zip

#LI-Remote

Benefits

• Excellent benefits package that includes 401(K) match, adoption assistance, parental leave, tuition reimbursement, comprehensive medical/ dental/vision and many nonstandard benefits that make us a Great Place to Work 

Our Company Values:

To be successful in this role, Team Members need to be:

• Positive by maintaining resiliency and focusing on solutions
• Respectful by collaborating and actively listening
• Insightful by cultivating innovation, accumulating business and role specific knowledge, demonstrating self-awareness and making quality decisions
• Direct by effectively communicating and conveying courage
• Earnest by taking accountability, applying feedback and effectively planning and priority setting

To create an environment where people do their best work, we focus on the dimensions of Organizational Health. All leaders must:

• Identify the Right People by recognizing top talent
• Set Clear Expectations by managing change and directing others
• Train team members and focus on developing talent
• Performance Manage by ensuring accountability and driving results
• Create the Right Environment by establishing trust and managing conflict
• Maintain the Right Number of team members needed to build an effective team

Expectations:

• Remain compliant with our policies processes and legal guidelines
• All other duties as assigned
• Attendance as required by department

Advice!

We understand that your career search may look different than others. Our hiring team wants to make sure that this would be a fit not just for us, but for you long term.  If you are actively looking or starting to explore new opportunities, send us your application!

P.S.

We have great details around our stats, success, history and more.  We’re proud of our culture and are happy to share why – let’s talk!

Required degrees must have been earned at institutions of Higher Education which are accredited by the Council for Higher Education Accreditation or equivalent.

Credit Acceptance is dedicated to providing a safe and inclusive working environment for all. As part of our Culture of Compliance, we are proud to be an Equal Opportunity Employer and value our culturally diverse workforce. All qualified applicants will receive consideration for employment regardless of the person’s age, race, color, religion, sex, gender, sexual orientation, gender identity, national origin, veteran or disability status, criminal history, or any other legally protected characteristic.

California Residents: Please click here for the California Consumer Privacy Act (CCPA) notice regarding the personal information Credit Acceptance may collect from you.

Play the video below to learn more about our Company culture.