IriusRisk’s platform automates the threat modeling process, enabling developers to design and build secure software. At scale.
Purpose of the Role
As Head of Product Security, your role is to ensure the security and integrity of the organization’s products and systems. You will be responsible for establishing and leading the product security program, implementing security measures, and driving a culture of security throughout the product development lifecycle. Your goal is to protect customer data, mitigate security risks, and ensure compliance with industry standards and regulations. You will give feedback to and lead the product teams on the security features of our products, and will lead security issue remediation efforts by owning the coordination and communications with internal and external stakeholders.
At IriusRisk, security is divided into two distinct areas: Corporate Security and Product Security, each with clearly defined responsibilities. This role falls under the Product Security domain.
Duties & Responsibilities
Product Security Strategy and Program:
- Develop and implement a comprehensive product security strategy and program aligned with the organization’s goals and objectives.
- Define security policies, standards, and guidelines for product development and deployment.
- Establish security controls, processes, and frameworks to protect against potential threats and vulnerabilities.
- Drive our cross-functional teams to integrate security into the product development lifecycle.
Threat Modeling and Risk Assessment:
- Conduct threat modeling and risk assessments to identify and prioritize potential security risks and vulnerabilities.
- Drive the development teams to define and implement effective security controls and countermeasures.
- Monitor and assess emerging security threats and industry trends to proactively address potential risks.
- Work closely with security teams to ensure alignment with the overall security posture of the organization.
Secure Development Practices:
- Promote and enforce secure coding practices, architectural principles, and development guidelines.
- Provide guidance and support to development teams in implementing secure coding techniques and security best practices.
- Conduct code reviews and security assessments to identify and remediate security vulnerabilities.
- Foster a culture of security awareness and accountability among development teams.
Security Testing and Incident Response:
- Define and implement security testing methodologies, including penetration testing and code reviews.
- Collaborate with QA teams to integrate security testing into the overall testing strategy.
- Develop and maintain incident response plans and procedures to effectively respond to security incidents and breaches.
- Investigate security incidents and vulnerabilities, conduct root cause analysis, and drive appropriate remediation measures in a timely manner.
Compliance and Governance:
- Ensure compliance with relevant industry standards, regulations, and privacy requirements.
- Collaborate with legal and compliance teams to define and implement security policies and procedures.
- Conduct security audits and assessments to evaluate compliance with security standards and guidelines.
- Stay updated with evolving security regulations and industry best practices to maintain a robust security posture.
What We Offer
📍 100% remote working.
🕺🏻 Excellent working environment.
🔑 Work in a highly qualified professional team with world-class references in the threat modeling sector.
🔭 Real career development opportunities within the company.
🎯 We focus on the ‘Do it well’ culture and are not afraid to invest in doing things right the first time.
📚 Training and certifications related to your role.
♾️ Horizontal business culture
📢 +92% employee retention rate
Requirements:
Essential Skills
- Strong knowledge of software security principles, best practices, and industry standards.
- Deep knowledge of security frameworks and methodologies, such as OWASP or NIST.
- Strong knowledge of ISO 27001 controls and their deployment / follow-up.
- In-depth understanding of secure coding practices and common vulnerabilities, such as injection attacks, XSS, and CSRF.
- Proficiency in threat modeling and risk assessment techniques.
- Demonstrated expertise in AWS Cloud Security, with a deep understanding of securing cloud environments and implementing industry best practices.
- Strong analytical and problem-solving skills, with the ability to analyze complex security issues and provide effective solutions.
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and stakeholders.
- Strong organizational and time management skills, with the ability to handle multiple projects and priorities simultaneously.
Desired Experience
- Bachelor’s or master’s degree in computer science, engineering, or a related field.
- Proven experience (4+ years) in product security or a similar role.
- Experience in defining and implementing product security programs in a complex environment.
- Familiarity with secure development practices, secure coding techniques, and security testing methodologies.
- Knowledge of secure cloud architecture and security controls in cloud environments.
- Experience with threat modeling tools and security assessment tools.
- Familiarity with industry regulations and compliance requirements, such as GDPR or HIPAA.
Person Requirements
- Strong leadership and decision-making abilities, with a focus on driving a culture of security.
- Ability to work well under pressure and meet deadlines in a fast-paced environment.
- Collaboration and teamwork skills, with the ability to work effectively with cross-functional teams.
- Continuous learner with a passion for staying updated with emerging technologies and industry trends.
- Strong commitment to security and a customer-centric approach to product security.
- Excellent communication and interpersonal skills to effectively collaborate with team members and stakeholders.