Job description
Role Overview
The Director – Product & Cloud Security owns the strategy, architecture, and execution of security across the product lifecycle and cloud platforms, ensuring that Odessa’s SaaS products are secure by design, compliant by default, and resilient at scale.
This role leads Product Security, Cloud Security, and AI Security integration efforts, working closely with Engineering, Architecture, Product Management, DevOps/SRE, Compliance, and Legal teams. The Director is accountable for embedding security controls into modern cloud‑native architectures while supporting regulatory compliance, customer assurance, and business growth.
What You'll Do:
1. Product Security Leadership
Define and execute the Product Security strategy across design, development, testing, release, and operations.
Embed security into SDLC and CI/CD pipelines, ensuring consistent adoption across engineering teams.
Lead threat modeling, secure architecture reviews, and design risk assessments for new and existing product capabilities.
Govern application security testing programs, including:
  SAST, DAST, and SCA
  Infrastructure‑as‑Code (IaC) and API security testing
Own product vulnerability management, including prioritization, remediation SLAs, and customer‑facing disclosures.
Partner with Product and Engineering leadership to ensure security supports speed, scale, and innovation.
2. Cloud & Platform Security
Own security architecture and posture for cloud‑native SaaS platforms hosted on Microsoft Azure.
Define and enforce cloud security guardrails across:
  Identity & access management (IAM, MFA, PAM)
  Network security, WAFs, and segmentation
  Encryption, key management, logging, and monitoring
Lead Cloud Security Posture Management (CSPM) and continuous configuration assurance.
Oversee security for containers, Kubernetes, APIs, and microservices.
Ensure effective integration and use of core security platforms, including:
  Azure Security Center / Defender
  FortiGate Firewall & FortiWeb WAF
  CyberArk (PAM)
  Lacework (CSPM)
  Sumo Logic (SIEM)
  Datadog (APM & monitoring)
  CrowdStrike (endpoint & workload protection)
  Tenable (vulnerability management)
3. AI Security & Secure AI Integration (New – Core Accountability)
Define and own the AI Security strategy for product features leveraging AI/ML and GenAI capabilities.
Ensure AI features are designed and deployed in line with Responsible AI, privacy, and security‑by‑design principles.
Partner with Product and Engineering teams to:
  Perform AI threat modeling (model abuse, prompt injection, data leakage, training data risks).
  Establish guardrails for AI usage, including data classification, access controls, and output validation.
Govern security controls for:
  Training data protection and lineage
  Model integrity and lifecycle management
  Secure integration of third‑party AI services and APIs
Align AI security practices with:
  Internal AI Security and Responsible Use policies
  Emerging regulations and frameworks (e.g., EU AI Act, NIST AI RMF, data protection laws)
Act as a key member of the AI Governance Committee, providing security and risk leadership.
4. Governance, Risk & Compliance (Product & Cloud Scope)
Ensure product and cloud controls meet ISO 27001/27017, SOC 2 Type II, GDPR, DPDPA, and customer contractual requirements.
Support customer security reviews, RFPs, audits, and due‑diligence activities.
Translate regulatory and contractual obligations into practical, auditable technical controls.
Maintain strong documentation, evidence, and metrics for audits and certifications.
5. Incident Response & Security Operations
Act as a senior escalation point for product and cloud security incidents.
Ensure effective detection, response, root‑cause analysis, and post‑incident improvements.
Partner with SOC and engineering teams to improve mean‑time‑to‑detect and remediate.
6. Leadership & Team Management
Build, lead, and mentor Product Security and Cloud Security teams.
Define team charters, KPIs, and maturity roadmaps.
Drive a culture where security is a shared responsibility, not a gatekeeper.
Represent Product & Cloud Security in executive, customer, and board‑level discussions.
Basic Qualifications:
Required
12+ years in product security, application security, or cloud security, with 5+ years in leadership roles.
Strong hands‑on and architectural experience with Azure‑based SaaS platforms.
Deep understanding of secure SDLC, CI/CD security, cloud‑native architectures, and modern DevSecOps practices.
Proven experience operating tools such as SAST/DAST/SCA, CSPM, SIEM, PAM, WAFs, and vulnerability management platforms.
Experience supporting SOC 2 / ISO 27001 audits and enterprise customer security assessments.
Ability to communicate security risk effectively to engineering leaders, executives, auditors, and customers.
Preferred Qualifications
Experience in FinTech, financial services, or highly regulated SaaS environments.
Exposure to AI/ML security, GenAI risk management, and AI governance.