Senior Manager of Product Security

Requirements

• Demonstrated experience leading a product or application security team, including hiring, coaching, and performance management
• Broad technical grounding across at least two of: application security, cloud/infrastructure security, offensive security, and vulnerability management
• Hands‑on history in secure SDLC practices—threat modelling, design reviews, security tooling in CI/CD—enough to credibly challenge your team’s work
• Ability to prioritise ruthlessly: separate high‑impact risk reduction from low‑value compliance theatre
• Experience building cross‑functional partnerships with engineering, product, and platform teams—influencing without owning the delivery backlog
• Clear, direct communication—able to present risk, trade‑offs, and programme status to senior leadership without hiding behind jargon
• Comfort operating in a product‑led, engineering‑heavy organisation where security earns its seat through credibility, not authority

What the job involves

• Anaplan’s Product Security team is responsible for securing a platform that large enterprises rely on for real business decisions—across finance, supply chain, workforce, and sales planning
• As Senior Manager, you will own the day‑to‑day leadership of a team that spans application security, infrastructure and cloud security, offensive security, and vulnerability management
• You report to the Director of Product Security and are accountable for turning strategy into consistent, measurable security outcomes across the product portfolio
• This is a people‑leadership role owning Anaplan’s Product Security team across AppSec, InfraSec, OffSec, and vulnerability management
• The Senior Manager reports to the Director of Product Security and is responsible for team output, prioritisation, operating rhythm, and engineering partnerships
• The role requires genuine technical depth—this is not a project management seat—combined with the management maturity to build and scale a high‑performing team
• Lead and develop the Product Security team: hire, coach, and retain engineers across AppSec, InfraSec, OffSec, and vulnerability management. Set clear expectations and build a team that ships security improvements, not just findings
• Own the operating rhythm: run sprint planning, triage, and retrospectives. Calibrate work across BAU vulnerability management, strategic projects, and longer‑term capability building
• Drive secure SDLC integration: ensure threat modelling, design reviews, and security tooling are embedded into how engineering teams build—not bolted on after the fact
• Prioritise based on real risk: translate scanner output, pen‑test findings, and threat intelligence into prioritised remediation plans that engineering teams actually execute
• Scale security through automation and self‑service: invest in tooling, guardrails, and developer‑facing documentation that reduce friction and increase coverage without linear headcount growth
• Partner with engineering and platform leadership: represent Product Security in cross‑functional planning, influence roadmaps, and ensure security trade‑offs are understood at the right level
• Manage security incidents: coordinate response for product security incidents, run post‑mortems, and ensure findings translate into durable fixes
• Report on programme health: provide clear, honest reporting to the Director and broader leadership on risk posture, coverage gaps, and team capacity

#J-18808-Ljbffr