Collibra
Director, Product Security
engineering · full-time · Remote, East Coast USA
Salary: Not listed
Work type: remote
Job type: full-time
Industry: general
About the role
Joining Collibra’s Product Security team
You will lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle. As the primary champion of our security guardrails, you will manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on. You are the shield ensuring our platforms are Secure-by-Design and Secure-by-Default at an enterprise scale.
The Director, Product Security at Collibra is responsible for
- Strategic Engineering Partnership: Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
- AI & Supply Chain Security: Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks.
- Vulnerability & Threat Management: Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling.
- Compliance & Audit Readiness: Owning product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring all practices are audit-ready and operationalized.
- Leadership & Enablement: Managing the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the org.
- Give-and-Get: You mentor your team to technical excellence while holding them accountable for the security of every line of code.
- Embrace Ambiguity: You translate complex technical threats into clear business risks for executive stakeholders.
- Lead with Confidence: You represent Collibra’s security posture to the world’s most demanding enterprise customers.
You have
- Technical Leadership Experience: A proven track record of 7 to 10 years managing high-performing security engineering teams in a modern SaaS or microservices environment.
- Deep SDLC Expertise: Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.
- AI/ML Security Knowledge: Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.
- Incident Response Mastery: Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.
- Regulatory Fluency: Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.
- A bachelor’s degree or equivalent related working experience is required.
- This position is not eligible for visa sponsorship.
- Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.
You are
- A Technical Diplomat: Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing without losing them.
- Risk-Oriented: Skilled at translating technical debt into business risk to help executives make informed investment decisions.
- A High-Trust Mentor: Dedicated to building a culture of technical excellence and career growth within a hybrid team environment.
- Composed Under Fire: Calm and structured when leading responses to production threats or high-stakes customer escalations.
- Architecturally Minded: Someone who looks at software through the eyes of an attacker to identify flaws before they reach production.