Principal Product Manager - Security and Compliance

United Kingdom

CloudBees

Accelerate your software delivery with CloudBees, the #1 Jenkins enterprise CI/CD platform. CloudBees empowers teams to build, deploy, and innovate faster.


Description

About CloudBees

CloudBees provides the leading software delivery platform for enterprises, enabling them to continuously innovate, compete, and win in a world powered by the digital experience. Designed for the world's largest organizations with the most complex requirements, CloudBees enables software development organizations to deliver scalable, compliant, governed, and secure software from the code a developer writes to the people who use it. 

CloudBees was founded in 2010 and is backed by Goldman Sachs, Morgan Stanley, Bridgepoint Credit, HSBC, Golub Capital, Delta-v Capital, Matrix Partners, and Lightspeed Venture Partners. Visit www.cloudbees.com and follow us on Twitter, LinkedIn, and Facebook.

Why this position? 

This specific opening is for an exceptional candidate to work with our partners to build a compelling security and compliance offering that is fully integrated into the SDLC, giving our customers the ability to build faster and stay secure by automating the control assurance activities around CI/CD workflows and providing evidence as a service.

According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%.

Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our customers. You will leverage your skills as a security and compliance expert, strategic thinker, data-driven decision-maker, and tactical execution master to drive the product towards further adoption and revenue growth.

What the Role Requires

  • Solid understanding of how developers and security teams use popular security scanners like Checkmarx, Snyk, Wiz, Tenable, Palo Alto Prisma (Twistlock), Black Duck (Synopsys) and more.
  • Good understanding of AWS, Google, Microsoft Azure clouds
  • Demonstrated expertise in cybersecurity with a thorough understanding of the latest trends, solutions, and best practices in the industry e.g. Application Security Posture Management (ASPM), Continuous Cyber and IT controls monitoring (CCM)
  • Thorough understanding of compliance frameworks like NIST and FedRAMP and the audit process around demonstrating compliance effectively.
  • Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework
  • Expertise in risk analysis, threat modeling, and vulnerability assessments
  • Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes.
  • Strong technical abilities and a track record of working through complex technical problems. Strong troubleshooting and problem-solving skills.
  • Excellent communication skills, both written and verbal, to effectively convey complex technical concepts to non-technical stakeholders
  • Demonstrated understanding of the techniques and methods of modern product discovery, design and product delivery.
  • 5+ years working on technology-powered products as a product manager.
  • Demonstrated ability to learn multiple functional areas of business – engineering, design, finance, sales, or marketing.
  • Proven ability to engage with engineers, designers, and company leaders in a constructive and collaborative relationship (especially in a remote environment).
  • Proven ability to think with a platform mindset, considering not only direct customer value, but also indirect customer value, by enabling all other products to be more impactful when leveraging your capability.
  • Proven ability to convert specific customer requirements into extensible and reusable platform capability. 

It would be desirable, but not essential, if you also had one or more of

  • Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
  • Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA
  • Cyber security certification e.g. Certified Information System Security Professional (CISSP), Cloud Certified Security Professional (CCSP)

What you will do

  • Own the “why” for your product.
  • Understand and synthesize the corporate objectives, customer/user pains, industry trends, current customer/user behavior, and anything else that can provide context to drive the product team’s decision-making.
  • Partner with design, engineering, and documentation to deliver a product that achieves the desired business outcomes.
  • Collaborate with and enable all internal stakeholders including: sales, marketing, customer support, finance, legal; and represent them when they’re not in the room.
  • Partner with other product teams to drive corporate objectives.
  • Communicate verbally and through writing with anyone and everyone interested in your product for whatever reason.
  • Define product specs, user stories, mockups, and acceptance criteria in collaboration with your team of PMs, engineering, or independently
  • Develop a deep understanding of the market landscape and identify key areas of competitive differentiation and market disruption
  • Contribute actively to the creation and refinement of the CloudBees product's cybersecurity features, maintaining a deep understanding of emerging technologies and industry best practices
  • Conduct regular security analysis and threat assessments, identifying vulnerabilities and potential improvements in the product's security
  • Generate technical marketing requirements documents and create product roadmaps
  • Collaborate closely with the CloudBees cybersecurity team to develop comprehensive security measures and strategies for the product, ensuring alignment with organizational objectives

Scam Notice

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of CloudBees. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that CloudBees will never ask for any personal account information, such as cell phone, credit card details or bank account numbers, during the recruitment process. Additionally, CloudBees will never send you a check for any equipment prior to employment.

All communication from our recruiters and hiring managers will come from official company email addresses (@cloudbees.com) or from Paylocity and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent CloudBees and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at tahelp@cloudbees.com.

We take these matters very seriously and will work to ensure that any fraudulent activity is reported and dealt with appropriately. If you feel like you have been scammed in the US, please report it to the Federal Trade Commission at: https://reportfraud.ftc.gov/#/.

In Europe, please contact the European Anti-Fraud Office at: https://anti-fraud.ec.europa.eu/olaf-and-you/report-fraud_en

Signs of a Recruitment Scam

· Ensure there are no other domains before or after @cloudbees.com.  For example:  “name.dr.cloudbees.com”

· Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.

· If they provide a generic email address such as @Yahoo or @Hotmail as a point of contact.

· You are asked for money, an “administration fee”, “security fee” or an “accreditation fee”.

· You are asked for cell phone account information.


Tags: Agile Application security AWS Azure Black Duck CCSP Checkmarx CI/CD CISSP Cloud Compliance DevOps DevSecOps FedRAMP Finance FISMA ISO 27001 Monitoring NIST Risk analysis Risk management RMF SDLC Security analysis Twistlock Vulnerabilities

Perks/benefits: Career development

Regions: Remote/Anywhere Europe
Country: United Kingdom
