Infoblox - Tacoma, WA
posted about 2 months ago
Full-time - Senior
Tacoma, WA
Web Search Portals, Libraries, Archives, and Other Information Services
About the position
The Director of Product Security and Compliance at Infoblox is responsible for leading the Product Security Engineering (PSE) team, ensuring the secure delivery of product features, and managing compliance and risk across all customer products. This role involves collaboration with various stakeholders to maintain regulatory certifications and drive security initiatives, making it essential for the company's engineering organization.
Responsibilities
- Manage product security, compliance, and risk across all Infoblox customer products-both on-prem and SaaS
- Champion Infoblox's security efforts to create the most secure products in the space and evangelize the security that Infoblox products provide to our customers
- Establish a charter for best-in-class product security and drive Engineering teams toward achieving these ideals
- Work with stakeholders, including Engineering, IT, and Product Management, to define and ensure secure product reviews occur for both new and existing functionality
- Partner with stakeholders to define and execute the strategic direction for ensuring existing and new regulatory certifications are maintained
- Engage with Legal and Security Compliance on reviews of customer security contracts, respond to security risk questionnaires, and manage customer audit support
- Communicate progress by highlighting the accomplishments, risks, mitigation, and other pertinent key performance indicators that feed into Infoblox's overarching business strategy
- Facilitate continuous training programs for Engineering that reduce risk, ensure security training for all engineers to meet regulatory guidelines
- Drive product security metrics, allowing management to understand the maturity levels in various areas of product security
Requirements
- 20+ years of product security experience with 5+ years of that time in a leadership role
- 10+ years of hands-on threat research and intelligence
- 5+ years of risk management governance and expertise in building, maturing, and advancing information security programs
- 5+ years of management of security-focused engineers with a track record of development and mentorship
- 3+ years of experience driving modern technology projects
- 2+ years managing SOC2, FedRAMP, or ISO 27000 series audits
- Professional security management certification is highly desirable, such as CISSP or CISM
- Experience working within a global team structure
- Solid business analysis or financial modeling skills to run the analysis for various projects
- Ability to build, lead, and motivate a group of teams and resolve mitigating team conflict
