Head of Product Security

Role Overview

As the Head of Product Security, you will be responsible for defining, building, and leading Fluidra’s product security function for connected and IoT-enabled pool products. You will own the end-to-end product security strategy, embed security-by-design practices across the product lifecycle, and ensure compliance with the EU Cyber Resilience Act (CRA) and other applicable global regulations.

Reporting directly to the Global CISO, this role works closely with Engineering, R&D, Firmware, IoT, Compliance, Cybersecurity Architecture teams, and external partners to ensure secure, compliant, and resilient products.

Key Responsibilities

Strategy & Leadership

Define and execute the product security strategy aligned with CRA requirements and industry best practices

Build, mentor, and lead a high-performing team of product security engineers and analysts

Establish global product security governance, policies, and standards across R&D teams

Define, monitor, and report product security KPIs and metrics

Provide regular updates on product security posture and compliance to executive leadership

Stay current on emerging threats, regulatory changes, and industry trends

Security by Design

Embed security-by-design principles throughout the connected product development lifecycle

Lead threat modeling initiatives for new products and features

Define security requirements from product concept through deployment

Ensure OWASP standards are integrated into development practices

Assess and mitigate security risks related to AI/ML-enabled product features

Vulnerability Management & PSIRT

Establish and lead the Product Security Incident Response Team (PSIRT)

Implement coordinated vulnerability disclosure processes

Manage vulnerability reporting to ENISA, as required under CRA

Oversee security patch development, validation, and deployment

Compliance & Supply Chain Security

Own compliance with CRA and RED Article 3.3 for connected products

Ensure SBOM generation, maintenance, and disclosure processes are in place

Assess and manage third-party and supply chain security risks

Oversee technical documentation for CE conformity declarations

Define and manage product security support periods and end-of-life processes

Coordinate with external auditors and certification bodies

Coordination & Stakeholder Management

Collaborate with Cybersecurity Architecture teams on cloud security initiatives

Manage external hardware penetration testing vendors

Partner with R&D leadership to integrate security into product roadmaps

Work closely with Quality and Regulatory teams on certifications

Support Sales and Customer Success teams on product security queries

Conduct product security due diligence for mergers and acquisitions

What We Are Looking For

Experience

Minimum 10 years of experience in cybersecurity, with 5+ years focused on product or IoT security

Proven experience building and leading security teams

Hands-on experience with PSIRT operations and vulnerability disclosure

Background in manufacturing, industrial, or consumer IoT environments preferred

Expert Knowledge

Security-by-design methodologies and secure development lifecycle

Threat modeling frameworks (STRIDE, PASTA, Attack Trees)

OWASP standards (Top 10, IoT Top 10, ASVS)

EU Cyber Resilience Act and Radio Equipment Directive requirements

IoT security architecture and embedded systems

Supply chain security and third-party risk management

Technical Skills

Cloud security platforms (Wiz preferred)

AWS IoT services and serverless architectures

Embedded systems security

SBOM generation and vulnerability management tools

Security considerations for AI/ML-enabled products

Leadership & Communication

Experience leading teams in global, matrixed organizations

Strong communication skills across technical and executive audiences

Proven ability to collaborate cross-functionally with engineering teams

Vendor management and negotiation experience

Certifications

CISSP or CISM (mandatory)

Preferred: OSCP, GICSP, IEC 62443

Additional Requirements

Excellent English communication skills (written and verbal)

Willingness to travel internationally up to 10%, as required