Odessa

Director of Product Security

  • Posted 9 hours ago

Job Description

Role Overview

The Director – Product & Cloud Security owns the strategy, architecture, and execution of security across the product lifecycle and cloud platforms, ensuring that Odessa's SaaS products are secure by design, compliant by default, and resilient at scale.

This role leads Product Security, Cloud Security, and AI Security integration efforts, working closely with Engineering, Architecture, Product Management, DevOps/SRE, Compliance, and Legal teams. The Director is accountable for embedding security controls into modern cloud‑native architectures while supporting regulatory compliance, customer assurance, and business growth.

What You'll Do:

1. Product Security Leadership

  • Define and execute the Product Security strategy across design, development, testing, release, and operations.
  • Embed security into SDLC and CI/CD pipelines, ensuring consistent adoption across engineering teams.
  • Lead threat modeling, secure architecture reviews, and design risk assessments for new and existing product capabilities.
  • Govern application security testing programs, including:
      • SAST, DAST, and SCA
      • Infrastructure‑as‑Code (IaC) and API security testing
  • Own product vulnerability management, including prioritization, remediation SLAs, and customer‑facing disclosures.
  • Partner with Product and Engineering leadership to ensure security supports speed, scale, and innovation.

2. Cloud & Platform Security

  • Own security architecture and posture for cloud‑native SaaS platforms hosted on Microsoft Azure.
  • Define and enforce cloud security guardrails across:
      • Identity & access management (IAM, MFA, PAM)
      • Network security, WAFs, and segmentation
      • Encryption, key management, logging, and monitoring
  • Lead Cloud Security Posture Management (CSPM) and continuous configuration assurance.
  • Oversee security for containers, Kubernetes, APIs, and microservices.
  • Ensure effective integration and use of core security platforms, including:
      • Azure Security Center / Defender
      • FortiGate Firewall & FortiWeb WAF
      • CyberArk (PAM)
      • Lacework (CSPM)
      • Sumo Logic (SIEM)
      • Datadog (APM & monitoring)
      • CrowdStrike (endpoint & workload protection)
      • Tenable (vulnerability management)

3. AI Security & Secure AI Integration (New – Core Accountability)

  • Define and own the AI Security strategy for product features leveraging AI/ML and GenAI capabilities.
  • Ensure AI features are designed and deployed in line with Responsible AI, privacy, and security‑by‑design principles.
  • Partner with Product and Engineering teams to:
      • Perform AI threat modeling (model abuse, prompt injection, data leakage, training data risks).
      • Establish guardrails for AI usage, including data classification, access controls, and output validation.
  • Govern security controls for:
      • Training data protection and lineage
      • Model integrity and lifecycle management
      • Secure integration of third‑party AI services and APIs
  • Align AI security practices with:
      • Internal AI Security and Responsible Use policies
      • Emerging regulations and frameworks (e.g., EU AI Act, NIST AI RMF, data protection laws)
  • Act as a key member of the AI Governance Committee, providing security and risk leadership.

4. Governance, Risk & Compliance (Product & Cloud Scope)

  • Ensure product and cloud controls meet ISO 27001/27017, SOC 2 Type II, GDPR, DPDPA, and customer contractual requirements.
  • Support customer security reviews, RFPs, audits, and due‑diligence activities.
  • Translate regulatory and contractual obligations into practical, auditable technical controls.
  • Maintain strong documentation, evidence, and metrics for audits and certifications.

5. Incident Response & Security Operations

  • Act as a senior escalation point for product and cloud security incidents.
  • Ensure effective detection, response, root‑cause analysis, and post‑incident improvements.
  • Partner with SOC and engineering teams to improve mean‑time‑to‑detect and remediate.

6. Leadership & Team Management

  • Build, lead, and mentor Product Security and Cloud Security teams.
  • Define team charters, KPIs, and maturity roadmaps.
  • Drive a culture where security is a shared responsibility, not a gatekeeper.
  • Represent Product & Cloud Security in executive, customer, and board‑level discussions.

Basic Qualifications:

Required

  • 12+ years in product security, application security, or cloud security, with 5+ years in leadership roles.
  • Strong hands‑on and architectural experience with Azure‑based SaaS platforms.
  • Deep understanding of secure SDLC, CI/CD security, cloud‑native architectures, and modern DevSecOps practices.
  • Proven experience operating tools such as SAST/DAST/SCA, CSPM, SIEM, PAM, WAFs, and vulnerability management platforms.
  • Experience supporting SOC 2 / ISO 27001 audits and enterprise customer security assessments.
  • Ability to communicate security risk effectively to engineering leaders, executives, auditors, and customers.

Preferred Qualifications

  • Experience in FinTech, financial services, or highly regulated SaaS environments.
  • Exposure to AI/ML security, GenAI risk management, and AI governance.

Job ID: 145602789