We are seeking a seasoned Senior Mgr/Director of Platform Product Management – Security and Privacy to lead our security and privacy initiatives across our FICO platform. This role is pivotal in ensuring our platform meets the highest standards of security, compliance, and operational excellence without becoming a policing function. The ideal candidate will bring deep expertise in security architecture, IAM, data protection, cloud security, and compliance, and will collaborate cross-functionally to embed security into the platform's DNA.
Key Responsibilities
Security Strategy & Roadmap: Define and drive the platform’s security product strategy, aligning with business goals and regulatory and customer requirements.
Cryptographic Services: Lead platform key management systems (KMS), certificate lifecycle management, PKI infrastructure, and secrets management platforms, and drive BYOK/HYOK and customer-controlled key capabilities.
Encryption & Data Protection: Define comprehensive encryption frameworks including at rest, in transit, and in use.
Privacy & Compliance: Implement privacy-by-design principles and ensure adherence to global privacy regulations (e.g. GDPR, CCPA). Define requirements for FIPS 140-2, Common Criteria certification, and post-quantum cryptography readiness.
Security by Design: Collaborate with engineering, architecture, DevOps, and design teams to embed security into platform features and workflows from the ground up.
Operational Resilience: Define operational security practices including incident response, vulnerability management, and secure CI/CD pipelines.
Stakeholder Enablement & Metrics: Work with GTM teams to ensure security features are well-documented and leveraged in customer engagements. Define KPIs to measure platform security effectiveness.
Required Qualifications
10+ years of overall experience in the technology and security domains, with at least 7+ years specifically dedicated to Product Management for Security Products (e.g., Data Protection, IAM, Cloud Security, Vulnerability Management).
Hands-on experience with cryptographic services and secrets management (e.g., HashiCorp Vault), PKI/Certificate lifecycle management, and threat modeling. Proficiency with secure API gateways and enterprise IAM providers including Okta, Auth0, AWS IAM, and Entra ID (Azure AD).
Deep understanding of IAM and security frameworks and protocols including OIDC, SAML, SCIM, OAuth, FIDO, RBAC/ABAC, and KMIP.
Strong understanding of DevOps, CI/CD pipelines, and how security integrates into modern development workflows.
Bachelor's degree in Computer Engineering, Computer Science, or a related technical field.