About the Team
The primary objective of the Head of Product Security role is to prevent security breaches, feature abuse, and compliance non-conformities that could result in financial loss, reputational damage, or failure to achieve Miro's business objectives by ensuring that security, privacy, compliance, and misuse risks are systematically identified and mitigated throughout the Product Development Life Cycle, integrated into Miro's AMPED (Analytics & Marketing & Product & Engineering & Design) Ways of Working and Operating Model. The role enables secure and compliant product development to support the successful delivery of Miro's business objectives.
About the Role
The Head of Product Security is responsible for defining and managing Miro's product security strategy, with a primary focus on embedding security, privacy, and abuse-prevention practices throughout the Product Development Life Cycle (PDLC), spanning the Discover, Define, and Deliver phases. The PDLC is embedded within Miro's AMPED Ways of Working (WoW) and AMPED Operating Model, and this role ensures that product teams apply consistent security considerations as part of how products are scoped, shaped, and shipped.
The position includes responsibility for enabling product teams to identify and mitigate both technical risks and misuse scenarios where legitimate product functionality could be abused for malicious purposes (e.g. phishing, data leakage, account enumeration). The Head of Product Security sets expectations for risk ownership and ensures that non-functional security requirements are integrated into product delivery frameworks.
This role reports directly to the Chief Information Security Officer (CISO) and collaborates closely with Product, Engineering, Application Security, Privacy, Legal, and Compliance functions.
What you'll do
- Define and maintain a product security governance framework aligned with the Discover, Define, Deliver phases of the PDLC as structured within the AMPED Ways of Working and Operating Model.
- Establish clear ownership models, assigning product managers accountability for identifying, documenting, and mitigating security and abuse risks.
- Lead the development of security guidance, policy, and review processes tailored to each PDLC phase within the AMPED framework.
- Implement methods for identifying both traditional vulnerabilities and abuse of functionality, where users exploit legitimate features for malicious purposes.
- Specify non-functional security requirements to be considered in product requirements, architecture, and delivery checkpoints.
- Collaborate with Product teams to incorporate threat modeling, misuse case analysis, and privacy risk assessments into the Discover and Define stages.
- Coordinate with Application Security to ensure alignment of secure software development practices with broader product strategy and roadmaps.
- Maintain tooling, documentation, and checklists to support structured product security reviews and approvals.
- Integrate compliance, privacy, and regulatory requirements (e.g. GDPR, DSA, AI Act) into product planning and delivery processes.
- Develop and deliver education programs to raise awareness of product misuse risks and the responsibility of product teams to mitigate them.
- Participate in product strategy reviews, roadmap reviews, and high-risk feature assessments, providing security input and risk-based recommendations.
- Define and report on product security KPIs and maturity metrics aligned with AMPED governance forums and risk review processes.
- Act as a point of contact for internal audit, security certifications, and external customer assurance related to product-level security risks.
- Drive continuous improvement in security integration by incorporating learnings from incidents, threat intelligence, and peer benchmarks into the PDLC.
- Ensure alignment of all product security activities with Miro's AMPED cross-functional execution model, enabling scalable and repeatable secure product development practices.
What you'll need
- 10 years of experience in information security with a strong focus on software and product security.
- 5 years of leadership experience in a security function with a proven track record of building and mentoring high-performing teams.
- Deep expertise in Secure Software Development Lifecycles (SSDLC), including integrating security into agile and custom development frameworks.
- Extensive experience with threat modeling methodologies (e.g. STRIDE, PASTA) and risk assessment, particularly within a SaaS or product-centric organization.
- Strong knowledge of cloud security principles and experience securing applications in major cloud environments (AWS, GCP, or Azure).
- Familiarity with modern application architecture, including microservices, APIs, and containerization (Docker, Kubernetes).
- Solid understanding of relevant compliance and regulatory frameworks such as GDPR, SOC 2, ISO 27001, and emerging AI regulations.
Who you are (Skills & Attributes)
- A Strategic Leader: You think holistically, balancing security requirements with business objectives and product velocity.
- An Exceptional Communicator: You can articulate complex technical risks to non-technical stakeholders and translate business goals into security strategy for your team.
- A Natural Collaborator: You excel at building strong relationships and influencing cross-functional teams without direct authority.
- A Pragmatic Problem-Solver: You are skilled at identifying scalable, risk-based solutions and are comfortable navigating ambiguity in a fast-paced environment.
- Data-Driven: You use metrics and KPIs to measure the effectiveness of your programs and drive continuous improvement.
- A Passionate Mentor: You are dedicated to developing talent and empowering engineers and product managers to be security champions.
What's in it for you
AMS:
- Competitive equity package
- Medical insurance coverage
- Lunch, snacks, and drinks provided in the office
- Wellbeing benefit and WFH equipment allowance
- Annual learning and development allowance to grow your skills and career
- Travel allowance for your commute
- Opportunity to work for a globally diverse team
- Inspiring workplace in the heart of Amsterdam
Required Experience:
Director