Principal Product Security Manager

Change your job, change your workplace, change your future... Ricoh Europe is investing in the capabilities needed to protect our diverse and rapidly evolving product and service landscape. As part of this journey, we are looking for a Principal Product Security Manager to build and lead a new Secure Development Practice that strengthens how we design, develop and deliver secure software across Europe. This is a high‑impact leadership role working closely with senior executives, engineering teams, product leaders and global security stakeholders to define and embed secure development standards across the entire technology portfolio.

About the Role

As the Principal Product Security Manager, you will be accountable for establishing a robust, modern Secure Development Lifecycle (SDLC) framework across Ricoh Europe. This includes developing policy, setting and enhancing engineering standards, building a centre of excellence, shaping security tooling and governance, and ensuring secure practices are adopted consistently across regions. You will manage a small high‑performing core team and build a wider virtual team of technical contributors across Europe. Operating as part of Ricoh’s senior security leadership, you will influence delivery teams, challenge existing norms and drive a culture of “shift left” to significantly reduce security vulnerabilities across our products and services. This role has strategic and operational breadth, requiring both strong engineering expertise and exceptional leadership, communication and stakeholder‑engagement skills.

What you will be doing

• Leadership, Strategy and Governance
  • Creating and leading a small team of advanced security specialists, including talent acquisition, coaching and performance management
  • Building a pan‑European virtual network of technical contributors to embed secure development capability across regions
  • Working with senior executives, product leaders and global teams to align on global secure development practices
  • Developing a comprehensive secure development policy framework aligned to NIST SSDF, OWASP SAMM/ASVS, ISO 27034 and our own internal standards
  • Managing the secure development budget and building business cases supporting investment in security improvements
• SDLC Framework Ownership
  • Designing/enhancing secure engineering guardrails, coding standards, and lifecycle governance policies
  • Leading the rollout and adoption of secure development frameworks across multiple engineering teams as well as managing where we already have this capability
  • Ensuring alignment with regulatory standards, security baselines and organisational risk priorities
  • Conducting internal audits, defining KPIs and reporting performance trends across teams
• Tooling and Engineering Enablement
  • Developing a tooling strategy for secure development, including CI/CD integration, SCM, SAST, SCA and automated testing
  • Leading the implementation of secure pipelines, reference environments and developer-friendly controls
  • Defining best practices for code quality, defect reduction and testing maturity
  • Supporting supply chain security, including SBOMs, provenance checks, artefact security and signing
• Training, Stakeholder Engagement and Culture
  • Building a centre of excellence offering clear guidance, training and reference material for secure development
  • Delivering education on secure coding, threat modelling and SDLC best practice
  • Challenging current norms and helping teams balance efficient delivery with robust security
  • Supporting creation of security champions communities across Europe
  • Conducting maturity assessments and driving improvement roadmaps
  • Staying ahead of emerging threats, tooling and secure engineering trends
  • Ensuring incident readiness, forensic logging and integration with SRE/SOC playbooks

What We Are Looking For

• Technical Expertise
  • Strong background in secure development, SDLC governance and software engineering
  • Experience with NIST SSDF, OWASP SAMM/ASVS, ISO 27034 or similar frameworks
  • Deep understanding of secure coding, cryptography, and vulnerability prevention (e.g., OWASP Top 10, API Top 10)
  • Hands‑on familiarity with CI/CD pipelines, SAST/SCA tooling, fuzz testing and code quality processes
  • Experience building or maintaining SBOMs, supply chain security and provenance controls
  • Cloud security knowledge (IAM, encryption, configuration hardening), ideally with Azure
  • Ability to interpret red team findings and translate attack chains into practical mitigation strategies
• Leadership and Stakeholder Skills
  • Proven experience managing senior technical specialists and leading multi‑disciplinary teams
  • Skilled in steering large‑scale business change and building virtual teams across regions
  • Strong communicator capable of simplifying complex technical issues for executives
  • Ability to influence, negotiate and challenge without direct authority
  • Experience presenting to senior leadership, including board‑level stakeholders
• Business and Strategic Acumen
  • Strong understanding of product lifecycle management, engineering processes and commercial drivers
  • Ability to embed security within agile delivery, DevOps workflows and hybrid models
  • Experience in regulated environments and awareness of legal/compliance expectations
  • Ability to deliver business value through improved security, consistency and resilience

Qualifications & Experience

• Degree in Computer Science, Software Engineering or similar (or equivalent experience)
• Certifications such as CISSP or CSSLP are highly advantageous
• Senior‑level experience (e.g., Head of Secure Development, Director of Secure Engineering) in enterprise‑scale environments
• Evidence of improving SDLC performance, implementing governance controls and influencing engineering teams

In Return For Your Commitment, You Can Expect

• A competitive salary package
• Industry leading benefits
• Ricoh is an exceptional place to work. A place where there is strong emphasis on career development for the right individuals. This is a role where you can excel within a fast‑paced environment and succeed within a thriving organisation. This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience.

At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That’s how we live the Ricoh Way.

Ricoh have removed the disclosure of convictions box from their application process offering equal opportunities to all. For all roles, we will judge each individual on their skills and ability before taking into account their history. However some roles are subject to sensitive and restrictive information and, if successful, you may be required to undertake pre‑employment vetting checks which include but are not limited to residency check, credit reference check, financial sanctions check and a DBS Check. Further information on Employment Vetting can be accessed by contacting the Ricoh Recruitment Team.