Product Security Manager
The Product Security Manager helps drive the continuous evolution of Origami Risk's secure development lifecycle via a combination of supportive tooling capabilities and hands-on architecture partnership with our Development and Services organizations. Are you energized by the opportunity to bridge SaaS engineering and pragmatic security practices? Are you passionate about both sharing your technical talents and amplifying others? We are looking for a hands-on, highly collaborative Product Security Manager to assess, design, and champion security best practices across Origami Risk. Origami Risk Information Security operates as trusted subject matter experts in multiple technology domains. Our team embeds within and directly supports our IT, Development, and Services organizations to deliver mission-critical, highly secure SaaS capabilities at speed and scale. We believe effective security begins with providing secure solutions to key business requirements and technical partnership via guardrails, not roadblocks.
Origami Risk is proud to be an equal opportunity employer. We thrive and benefit from diversity and are committed to creating an inclusive and equitable environment for all employees. We do not discriminate against any individual based upon race, religion, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, color, sex, national origin, age, marital status, military or veteran status, disability, or any other characteristic protected by applicable law.
Responsibilities
• Foster and evangelize security culture across diverse and fast-paced teams with technical credibility, personal empathy, and service
• Design, deploy, manage, and improve critical Security SDLC supporting capabilities and tools to include SAST, DAST, CICD pipeline design, PKI, Secrets Management, Developer Training, and application-level Vulnerability Management
• Provide daily oversight of Product Security, to include the security impact analysis of proposed system modifications and implementations in Origami Development and Services
• Conduct compliance reviews on Origami's application stack and within our internal development environments
• Drive remediation activities with stakeholders, including developing remediation plans, tracking, and reporting remediation progress
• Stay current on developing security technologies, in both emerging capabilities and implementation
Qualifications
• Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience
• 5 years of hands-on, demonstrated experience across application development, secure SDLC architecture (DevSecOps), and security service delivery - third-party or internal organization
• Experience with scripting and programming languages, prioritizing .NET (MVC Razor), Python, Golang, Bash
• Industry certifications such as GPEN, GXPN, OSCP, GCIA, GSEC, GREM, GWEB, preferred
• Experience with Cloud Security Alliance (CSA), FISMA & FedRAMP compliance process, including ISO 27001/2 and NIST 800-53 security controls
• Cloud IaaS/PaaS architecture design, AWS preferred
• Experience in incident response process, with a focus on detection, mitigation, and stakeholder communications
• Dynamic technical leadership acumen, both cross-functionally and directly supporting highly technical staff in our Product Security function
• Project management experience, including direct teams and external partners
• You thrive in an environment encouraging a broad, collaborative impact, with outcomes prioritized above org. charts
• You foster credibility and collaboration with technical stakeholders by mapping security control requirements to practical solutions for various technologies
• You are biased to action at speed, comfortable with ambiguity, and able to distill complexity to clarity across varied technical disciplines
• You recognize the magic of facilitating people with diverse talents, perspectives, and technical backgrounds in accomplishing great things together
Who We Are
Origami Risk is a leading provider of integrated SaaS solutions for risk management, insurance, safety, and compliance. We've designed our single-platform, cloud-based software to be easily configurable to meet the needs of insured corporate and public entities, brokers and risk consultants, insurers and MGAs, third party claims administrators (TPAs), risk pools, and more. To fulfill our singular focus of helping our clients achieve their business objectives, our software is supported by a best-in-class service team of experienced risk, insurance, and safety professionals who have an ideal balance of industry knowledge and technological expertise.
Since its founding in 2009, Origami Risk has received more than two dozen awards for service excellence, technology innovation, and workplace culture. In addition to inclusion in Deloitte's Technology Fast 500™, a ranking of the 500 fastest-growing tech companies in North America, Origami Risk also has been repeatedly recognized by Inc. magazine as one of the "Best Places to Work" and Best and Brightest® Companies To Work For in the Nation by the National Association for Business Resources (NABR).