Head of Product Security

As Head of Product Security, you will own the global strategy and execution of security for all products, platforms, and AI-native services. This role spans product security, customer security, regulatory compliance, and emerging AI safety expectations. You will build and lead a world-class organization that embeds secure-by-design and responsible-by-design principles across the entire software and AI lifecycle.

You will be accountable for ensuring that our products, including AI-first capabilities meet the highest standards of security, resiliency, customer trust, and government-aligned requirements (including NSA, NIST, and global regulatory frameworks).

Product Security Leadership

• Define and execute the unified product security strategy across software, hardware, cloud, and AI‑native components.
• Own secure SDLC policies, tooling, and governance.
• Lead threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management.
• Manage PSIRT and coordinate incident response, disclosure, and communication.
• Lead security strategy for all AI‑native products, models, pipelines, and inference services.
• Define and enforce security standards for model training, evaluation, deployment, and lifecycle management.
• Establish AI security architectures, including isolation of model environments, secure data pipelines, runtime monitoring, and adversarial resilience.
• Build AI threat models covering model inversion, poisoning, jailbreaks, prompt injection, data leakage, insider misuse, and systemic AI risks.
• Implement red‑teaming and continuous adversarial testing for LLMs, generative AI systems, and autonomous features.
• Create secure‑by‑default frameworks for teams adopting AI, including guardrails, safe‑prompting patterns, and model hardening strategies.
• Partner with the Tech & AI Office to operationalize Responsible AI principles in real engineering workflows.
• Ensure SBOM‑equivalent transparency for AI (training data lineage, model versioning, evaluation results, compliance documentation).
• Oversee monitoring & detection for AI‑specific attacks (hallucination risk, output manipulation, unauthorized fine‑tuning, shadow models).
• Guide product teams on AI‑specific regulatory expectations (EU AI Act, NIST AI RMF, global AI assurance standards).

Customer Security & Trust

• Serve as executive point for customer security escalations, audits, and trust communications.
• Drive enterprise‑grade customer assurance programs for both classical and AI‑powered products.
• Partner with Sales, Customer Success, and Support to ensure security transparency and readiness.

Regulatory, NSA & Global Compliance Oversight

Ensure compliance with NSA‑aligned and NIST frameworks, including but not limited to:

• NIST SP 800‑53
• CNSS
• FedRAMP/DoD requirements
• NIAP/Common Criteria
• Lead emerging AI regulatory compliance (EU AI Act, AI model certification paths, high‑risk controls).
• Oversee audit execution, remediation, and continuous compliance automation.

Cross‑Functional Executive Leadership

• Closely partner with Engineering, Product, IT, CTO, Legal/Privacy, and Gov/Compliance.
• Provide executive‑level briefings on security, AI risk posture, and strategic investments.
• Represent the company with customers, government bodies, and industry groups.

Organizational Leadership

• Build and lead a high‑caliber global product + AI security organization.
• Define strategy, goals, KPIs, metrics, and long‑term roadmap.
• Cultivate a culture of innovation, excellence, accountability, and continuous improvement.

Required

• 12+ years in cybersecurity, product security, or security engineering, with deep leadership experience.
• Hands‑on leadership in securing AI/ML systems, pipelines, or products.
• Expertise across secure development, cloud security, and modern DevSecOps.
• Strong knowledge of NSA/NIST frameworks and government‑grade compliance.
• Experience in telecom, networking, cloud infrastructure, or high‑availability distributed systems.
• Executive‑level communication and stakeholder management.

Nice to Have

• Experience with LLM security, generative AI risk management, and AI governance frameworks.
• Advanced degree in CS, Security, AI/ML, or Engineering.