Senior Cyber Security Analyst in Glasgow

Overview

At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the Sonos team, you’ll collaborate with people of all styles, skill sets, and backgrounds to realize our vision while fostering a community where everyone feels included and empowered to do the best work of their lives.

This role is located on-site at our Glasgow office

This position is office-based, meaning regular in-person collaboration or use of office equipment is essential to maximize effectiveness for this team and/or position. Qualified applicants must live within commuting distance of our Glasgow office location and should expect to be in office a minimum of 4 days per week.

At Sonos, our Product Security Vision is to protect our products by implementing proven security practices and leveraging expertise to create experiences that both delight our customers and safeguard them and their information from cyber threats.

We are seeking an experienced and strategically-minded Senior Product Security Engineer - Regulatory Compliance to join our Product Security team. This is a critical new role central to establishing and maturing our Governance, Risk, and Compliance (GRC) capabilities specifically for our world class products and services.

You will be the internal subject matter expert, working with our legal and product compliance teams to interpret complex global cybersecurity regulations, determine product compliance requirements, and coordinating work across development teams to ensure Sonos products remain secure and saleable worldwide. This role is essential for handling regulatory changes, accelerating market access, and strengthening customer trust in Sonos\'s commitment to security and privacy.

What You’ll Do

As a Senior Product Security Engineer - Regulatory Compliance, you will:

• Contribute to Regulatory Interpretation: Serve as an internal expert and point of contact for our product software on the cross-functional team interpreting new and evolving global IoT cybersecurity and privacy regulations (e.g., EU Cyber Resilience Act (CRA), UK Product Security and Telecommunications Infrastructure (PSTI) Act, EU Radio Equipment Directive (RED) Delegated Act, GDPR, CCPA, U.S. Cyber Trust Mark).

• Coordinate Software Compliance Programs: Translate complex legal and regulatory requirements into clear, actionable internal policies, standards, and guidelines for product software engineering teams.

• Help Embed Compliance-by-Design: Collaborate closely with product managers, engineering leads (Firmware, Cloud, Mobile, Web), and quality assurance to integrate security and compliance checkpoints directly into Sonos\'s Secure Development Lifecycle (SDL), aligning with OWASP SAMM principles.

• Conduct Compliance Risk Assessments: Systematically identify, assess, and prioritize compliance-related risks within product designs, new features, and roadmaps.

• Cross-Functional Collaboration & Influence: Work effectively with diverse stakeholders across Legal, Product Compliance, Product Management, and Engineering. Provide expert guidance and influence decisions to ensure compliance is proactively addressed.

• Manage External Engagements: Coordinate and direct the work of external specialized Cybersecurity Consulting Firms for services such as gap assessments and periodic compliance reviews.

• Drive Training & Awareness: Develop and deliver training programs to internal teams, including our \"security champions\" network, to raise awareness and capability in product security compliance best practices.

• Maintain Regulatory Intelligence: Continuously monitor and roadmap anticipated regulatory changes and their potential impact on Sonos products, contributing to proactive strategy adjustments.

Basic Qualifications

We are looking for a passionate and strategic individual with a proven track record in navigating the complex world of product security compliance.

Education & Certifications

• Bachelor\'s degree in Computer Science, Information Security, Law, or a related technical field.

• Master\'s degree or relevant industry certifications (e.g., CIPP/E, CISM, CRISC, or specialized IoT/Product Security compliance certifications) are highly preferred.

Experience

• Minimum of 5 years of progressive experience in cybersecurity compliance, regulatory affairs, or product security, with a strong focus on IoT and/or consumer electronics products.

• Demonstrable experience interpreting complex legal and regulatory texts and translating them into practical, engineering-consumable requirements.

• Proven track record of successfully guiding product development teams through compliance efforts for regulations such as EU CRA, UK PSTI Act, EU RED Delegated Act, GDPR, and CCPA.

• Familiarity with industry security frameworks and standards like ETSI EN 303 645, ISO 27001, and NIST Cybersecurity Framework applied to product development.

Skills

• Exceptional Communication: Outstanding verbal and written communication skills to articulate complex compliance requirements, risks, and solutions clearly and persuasively to technical and non-technical audiences, from engineers to executives.

• Regulatory Expertise: In-depth, up-to-date knowledge of global privacy and cybersecurity regulations specifically impacting connected consumer devices and their associated software and services.

• Analytical & Problem-Solving: Strong ability to analyze legal texts, conduct risk assessments, identify compliance gaps, and develop pragmatic, actionable solutions.

• Technical Acumen: Solid conceptual understanding of IoT device architecture, cloud services, and software development lifecycles. While deep coding skills are not required for this role, sufficient technical fluency is critical to effectively engage with and guide engineering teams.

• Cross-Functional Collaboration & Influence: Proven ability to build consensus and work effectively across diverse internal teams (Legal, Engineering, Product Management, QA, Privacy) and with external partners.

• Proactive & Strategic Thinking: Ability to anticipate future regulatory trends, understand their potential impact on Sonos products, and proactively develop policies and strategies to address them.

Visa Sponsorship: Sonos is unable to sponsor or take over sponsorship of an employment visa for this role at this time. We ask that applicants be authorized to work for any UK employer, both now and in the future.

LI

#LI-Onsite

Your profile will be reviewed and you\'ll hear from us once we have an update. At Sonos we take the time to hire right and appreciate your patience.