Principal Product Manager - Security and Compliance

CloudBees provides the leading software delivery platform for enterprises, enabling them to continuously innovate, compete, and win in a world powered by the digital experience. Designed for the world's largest organisations with the most complex requirements, CloudBees enables software development organisations to deliver scalable, compliant, governed, and secure software from the code a developer writes to the people who use it.

This specific opening is for an exceptional candidate to work with our partners to build a compelling Security & compliance offering that is fully integrated into the SDLC, providing our customers the ability to build faster and stay secure by automating the control assurance activities revolving around the CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our customers.

You will leverage your skills as a security and compliance expert, strategic thinker, data-driven decision-maker, and tactical execution master to drive the product towards further adoption and revenue growth.

• Solid understanding of how developers and security teams use popular security scanners like Checkmarx, Snyk, Wiz, Tenable, Palo Alto Prisma (Twistlock), Black Duck (Synopsys) and more.
• Good understanding of AWS, Google, Microsoft Azure clouds.
• Demonstrated expertise in cybersecurity with a thorough understanding of the latest trends, solutions, and best practices in the industry e.g. Application Security Posture Management (ASPM), Continuous Cyber and IT controls monitoring (CCM).
• Thorough understanding of compliance frameworks like NIST and FedRAMP and the audit process around demonstrating compliance effectively.
• Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework.
• Expertise in risk analysis, threat modeling, and vulnerability assessments.
• Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes.
• Strong technical abilities and a track record of working through complex technical problems.
• Strong troubleshooting and problem-solving skills.
• Excellent communication skills, both written and verbal, to effectively convey complex technical concepts to non-technical stakeholders.
• Demonstrated understanding of the techniques and methods of modern product discovery, design and product delivery.
• 5+ years working on technology-powered products as a product manager.
• Demonstrated ability to learn multiple functional areas of business – engineering, design, finance, sales, or marketing.
• Proven ability to engage with engineers, designers, and company leaders in a constructive and collaborative relationship (especially in a remote environment).
• Proven ability to think with a platform mindset, considering not only direct customer value, but also indirect customer value, by enabling all other products to be more impactful when leveraging your capability.
• Proven ability to convert specific customer requirements into extensible and reusable platform capability.

• Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
• Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA.
• Cyber security certification e.g. Certified Information System Security Professional (CISSP), Cloud Certified Security Professional (CCSP).

• Own the “why” for your product. Understand and synthesise the corporate objectives, customer/user pains, industry trends, current customer/user behaviour, and anything else that can provide context to drive the product team’s decision-making.
• Partner with design, engineering, and documentation to deliver a product that achieves the desired business outcomes.
• Collaborate with and enable all internal stakeholders including: sales, marketing, customer support, finance, legal; and represent them when they’re not in the room.
• Partner with other product teams to drive corporate objectives.
• Communicate verbally and through writing with anyone and everyone interested in your product for whatever reason.
• Define product specs, user stories, mockups, and acceptance criteria in collaboration with your team of PMs, engineering or independently.
• Develop a deep understanding of the market landscape and identify key areas of competitive differentiation and market disruption.
• Contribute actively to the creation and refinement of CloudBees product's cybersecurity features, maintaining a deep understanding of emerging technologies and industry best practices.
• Conduct regular security analysis and threat assessments, identifying vulnerabilities and potential improvements in the product's security.
• Generation of technical marketing requirements documents and creation of product roadmaps.
• Collaborate closely with CloudBees cybersecurity team to develop comprehensive security measures and strategies for the product, ensuring alignment with organisational objectives.