Director, Product Management – Platform Security & Privacy

Location: Bengaluru

About the Role

We are seeking a seasoned Director of Platform Product Management –  Security and Privacy  to lead our security and privacy initiatives across our FICO platform. This role is pivotal in ensuring our platform meets the highest standards of security, compliance, and operational excellence without becoming a policing function. The ideal candidate will bring deep expertise in security architecture, IAM, data protection, cloud security, and compliance, and will collaborate cross-functionally to embed security into the platform's DNA.

Key Responsibilities
Security Strategy &

Roadmap:

Define and drive the platform’s security product strategy, aligning with business goals and regulatory and customer requirements.
Cryptographic Services:
Lead platform key management systems (KMS), certificate lifecycle management, and PKI infrastructure, secrets management platforms and drive BYOK/HYOK and customer-controlled key capabilities.
Encryption & Data Protection:
Define comprehensive encryption frameworks including at rest, in transit, and in use. Ensure integration with HSMs, secure enclaves, and confidential computing environments.
Privacy & Compliance:
Implement privacy-by-design principles and ensure adherence to global privacy regulations (e.g. GDPR, CCPA). Define requirements for FIPS 140-2, Common Criteria certification, and post-quantum cryptography readiness.
Cloud Security Architecture:
Define cryptographic requirements for cloud-native infrastructure, including secure key distribution in Kubernetes, serverless functions, and multi-cloud environments.
Security by Design:
Collaborate with engineering, architecture, Dev Ops, and design teams to embed security into platform features and workflows from the ground up.
Operational Resilience:
Define operational security practices including incident response, vulnerability management, and secure CI/CD pipelines.
Stakeholder Enablement & Metrics:
Work with GTM teams to ensure security features are well-documented and leveraged in customer engagements. Define KPIs to measure platform security effectiveness.
Zero Trust Architecture:
Champion the adoption of Zero Trust principles, ensuring continuous verification of identity, device, and context across platform services.

Required Qualifications
Bachelor’s degree in Computer Engineering, Computer Science, or related technical field.
13+ years of overall experience in technology and product management.
10+ years of experience in the security domain, specifically building and scaling SaaS platforms.
Deep understanding of IAM and security frameworks and protocols including OIDC, SAML, SCIM, OAuth, FIDO, RBAC/ABAC and KMIP
Hands-on experience with cryptographic services and secrets management (e.g., Hashi Corp Vault), PKI/Certificate lifecycle management, and threat modeling. Proficiency with secure API gateways and enterprise IAM providers including Okta, Auth0, AWS IAM, and Entra  (Azure AD).
Strong understanding of Dev Ops, CI/CD pipelines, and how security integrates into modern development workflows.

What Success Looks Like
Security & privacy is seamlessly integrated into platform development and operations
Secrets, certs and keys are centralized managed through a unified lifecycle adhering to zero trust and least privileges principles, including dynamic, short-lived credentials and automated rotation to eliminate secret sprawl and operational inefficiency across environments.
Threat modeling is embedded in product planning and risk mitigation.
Cloud infrastructure is hardened and compliant with industry standards.
Compliance requirements are met proactively, not reactively.
Stakeholders across engineering, legal, and GTM are aligned and enabled.
The platform is trusted by customers and partners for its security posture.