Jobs · Education · Michigan

Product Security Principal

Flagstar Bank · Troy, MI · Yesterday
Education$159k–$242k/yrFull-time

Job Responsibilities

  • Cultivates security culture across product, technology, and business teams by embedding threat modeling, security architecture reviews, and secure code practices, ensuring products adopt security controls and are secure from design through deployment.
  • Owes application-specific security requirements, threat modeling, security architecture design, authentication/authorization design, and data classification/handling standards in partnership with Tech Leads and Business Architects.
  • Leads security testing, vulnerability assessments, penetration testing coordination, and security validation activities, tracking security defect remediation and ensuring compliance with secure coding standards.
  • Prepares and delivers Technology Review Board security artifacts including Initial Design Review security assessments, Production Release Review security validation, and security incident response plans.
  • Proactively monitors Key Risk Indicators, manages emerging security issues with urgency, identifies root causes and themes, and provides timely recommendations for resolution to the BURM and leadership.
  • PARTNERS WITH THIRD PARTY OVERSIGHT TEAMS TO ENSURE EFFECTIVE TECHNOLOGY RISK MANAGEMENT OF VENDORS, WITH FOCUS ON CLOUD COMPUTING, SaaS TOOLS, AND EMERGING TECHNOLOGIES ENGAGED BY TECHNOLOGY PARTNERS.
  • Collaborates on business-as-usual audit and regulatory engagements, translating firmwide policy and regulatory requirements into control designs for Software Engineers and SRE teams.
  • SERVES AS THE PRODUCT’S SECURITY THOUGHT LEADER, SHARING BEST PRACTICES BETWEEN PRODUCT AND CYBERSECURITY TEAMS, AND ACTING AS THE CLEAR POINT OF ESCALATION AND SUBJECT MATTER EXPERT FOR IT RISK AND CYBERDOMAINS.

Job Requirements

  • Education level preferred: High School / High School Equivalency (GED, HiSET, TASC) / Foreign Equivalent
  • Minimum experience required: 8+ Years in information security, cybersecurity, or technology risk management with strong security and technical skills in a regulated organization
  • Experience operating in a 3 Lines of Defense (3LoD) model with demonstrated ability to translate policy and regulatory requirements into control designs for engineers and architects
  • Proven ability to communicate effectively and authoritatively with technical and non-technical stakeholders, explaining complex security concepts in simple terms

Preferred Qualifications

  • Education level preferred: Undergraduate Degree (4 years or equivalent)
  • Technical understanding of Public Cloud computing (Azure/AWS), including cloud hardening, data protection controls, resiliency, and access management
  • Experience with APIs/microservices, IAM, Secrets Management, DevSecOps, and SSDLC preferred
  • Financial services and banking experience preferred; experience in industries with similar risk tolerance acceptable
  • CISSP, CISM, or equivalent security certifications strongly preferred

Similar jobs