Product Security Lead

Job Description

We have a direct-hire position for a Product Security Lead with one of our clients in Atlanta, GA. No third party candidates considered for this position.

Our Client, we’re all about connecting people to the things they do and love through our products, services, and technology.  It’s our people who make this possible, and we’re always looking for more of the very best to join our team and make it even better.

We’re searching for a Product Security Lead to drive the next evolution in securing Client Communications products. Sounds important- right? This person will provide thought leadership and drive the secure product development lifecycle as part of Client Communication’s broader initiative of a secure product portfolio. You will also support various product development teams to ensure our customers are secure as well as socialize the program and provide security consulting with consideration of current information security industry trends and threat landscapes.

If this sounds like an opportunity you want to explore, keep reading - we’ve got all the details you’ll need to take the next steps.

What You’ll Do:

• Guide, inform, and support the successful release of products while following our product security program and maintaining up-to-date inventory entries, including product lifecycle status, risk profile and remediation validation
• Bring together product development teams to achieve high cyber security quality of products and provide information to make risk-based decisions
• Support efforts to secure product lifecycle practices and identify and quantify product and portfolio product security risks
• Engage with other information security teams to create action plans
• Provide consultative advice and insights into the maintenance of product security procedures, directives, and technology controls
• Ensure product development teams practice ‘Secure by Design’ through validation of Client product security requirements in design and architecture, and ensure information security artifacts align with industry standards or regulatory requirements (i.e., PCI-DSS, HIPAA, GDRP, NIST, CMMC, etc.)
• Participate in industry working groups and provide insights back to product development teams on leading practices and regulations
• Be the business unit focal point for business-critical customer cybersecurity issues (PSIRT), product security compliance or external security certifications.

 Key Responsibilities:

Leadership:

• Act as servant-leader to an agile team; removing impediments and ensuring team productivity.
• Lead by example, demonstrating and upholding Agile values and principles.
• Protect the team from outside interference, removing impediments, and ensuring that the work is delivered as a team.
• Organize and facilitate Iteration ceremonies
• Support the team in delivering stories such that they meet the definition of done.
• Lead team retrospectives and ensure key learning is incorporated into next sprint.

Coaching:

• Coach team members to uphold scrum principles.
• Cultivate and environment of trust, good faith, empowerment and creativity.
• Facilitate discussions and conflict resolution.

Communication/Tracking

• Track team delivery through the use of burndown charts and other visual methods.
• Produce and post sprint plans and otherwise act as an information radiator.
• Track team velocity to ensure accuracy of future planning.

Collaboration

• Understand the business priorities and items to be refined in upcoming Iterations.
• Ensure management is informed if changes occur that impact delivery to the business.
• Work with team to ensure alignment of priorities and that dependencies are delivered in the appropriate sprints to support delivery commitments.
• Actively participate in activities related to agile adoption across the organization.

Planning

• Drive weekly backlog refinement sessions with the team, ensuring work items are estimated and ‘ready-for-work’ per established priorities.
• Coordinate dependencies with other initiatives
• Lead Iteration Planning sessions ensuring the commitments made are appropriate and uphold scrum principles.