Senior Product Manager, Security and Compliance - UK

United Kingdom

CloudBees

Reduce risk, optimize software delivery and accelerate innovation with CloudBees - the industry-leading DevOps technology platform. Build stuff that matters.


Job Type: Full-time

Description

About CloudBees

CloudBees is the leading software delivery platform that enables enterprises to deliver scalable, compliant, and secure software, empowering developers to do their best work.


Seamlessly integrating into any hybrid and heterogeneous environment, CloudBees is more than a tool—it's a strategic partner in your cloud transformation journey, ensuring security, compliance, and operational efficiency while enhancing the developer experience across your entire software development lifecycle. It allows developers to bring and execute their code anywhere, providing greater flexibility and freedom through fast, self-serve, and secure workflows.


CloudBees supports organizations at every step of their DevSecOps journey, whether using Jenkins on-premise or transitioning software delivery to the cloud and wanting to accelerate their cloud transformation by years. CloudBees is helping customers build the future, today.


About the role

This specific opening is for a Security/Compliance SME to work with the Principal Product Manager in creating a compelling security and compliance offering that is fully integrated into the SDLC, giving our customers the ability to build faster and stay secure by automating the control assurance activities around CI/CD workflows and providing evidence as a service.


According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%.


Hence, this is a significant opportunity to drive a positive transformation across the DevSecOps landscape, delivering value to our customers. You will leverage your skills as a security and compliance practitioner to drive the product towards the vision set by the Business. You will work closely with the engineering team to develop compelling features that eliminate the fragmented manual processes involved in security assurance and deliver automated evidence artifacts that are defensible with auditors and compliance officers.


What You’ll Do

  • Understand the customer/user pains, industry trends, current customer/user behavior, and anything else that can provide context to drive the product team’s decision-making.
  • Partner with design, engineering, and documentation to deliver a product that achieves the desired business outcomes.
  • Collaborate with and enable all internal stakeholders including: sales, marketing, and customer support.
  • Partner with other product teams to drive corporate objectives.
  • Communicate verbally and through writing with anyone and everyone interested in your product for whatever reason.
  • Define product specs, user stories, mockups, and acceptance criteria in collaboration with your team of PMs and engineering, or independently.
  • Develop a deep understanding of the market landscape and identify key areas of competitive differentiation and market disruption.
  • Contribute actively to the refinement of the CloudBees product's cybersecurity features, maintaining a deep understanding of emerging technologies and industry best practices.
  • Conduct regular security analysis and threat assessments, identifying vulnerabilities and potential improvements in the product's security.
  • Generate technical marketing requirements documents and create product roadmaps.
  • Collaborate closely with the CloudBees cybersecurity team to develop comprehensive security measures and strategies for the product, ensuring alignment with organizational objectives.
  • Keep abreast of changing regulatory requirements and keep the compliance frameworks within the product in sync with these requirements, delivering value to our customers.

Role Requirements

  • Solid understanding of how developers and security teams use popular security scanners like Checkmarx, Snyk, Wiz, Tenable, Palo Alto Prisma (Twistlock), Black Duck, Synopsys and more.
  • Good understanding of AWS, Google, Microsoft Azure clouds.
  • Demonstrated expertise in cybersecurity with a thorough understanding of the latest trends, solutions, and best practices in the industry, e.g. Application Security Posture Management (ASPM), Continuous Cyber and IT controls monitoring (CCM).
  • Thorough understanding of compliance frameworks like NIST and FedRAMP and the audit process around demonstrating compliance effectively.
  • Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework.
  • Expertise in risk analysis, threat modeling, and vulnerability assessments.
  • Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes.
  • Strong technical abilities and a track record of working through complex technical problems. Strong troubleshooting and problem-solving skills.
  • Excellent communication skills, both written and verbal, to effectively convey complex technical concepts to non-technical stakeholders.
  • Demonstrated understanding of the techniques and methods of modern product discovery, design and product delivery.
  • 2+ years working on technology-powered products as a product manager.
  • Proven ability to engage with engineers, designers, and company leaders in a constructive and collaborative relationship (especially in a remote environment).
  • Proven ability to convert specific customer requirements into extensible and reusable platform capability.

It would be desirable, but not essential, if you also had one or more of:

  • Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
  • Experience in security accreditation e.g. PCI-DSS, FedRAMP, NIST SSDF, NIST 800-53, ISO 27001, DORA;
  • Cyber security certification e.g. Certified Information System Security Professional (CISSP), Cloud Certified Security Professional (CCSP).

We’re invested in you!

We offer generous paid time off to allow our employees time to rest, recharge and to be present with family and friends throughout the year. At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers.


Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization. In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide workforce and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere.


Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem-solving and better solutions for our customers and their businesses.


Scam Notice

Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of CloudBees. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that CloudBees will never ask for any personal account information, such as cell phone, credit card details or bank account numbers, during the recruitment process. Additionally, CloudBees will never send you a check for any equipment prior to employment.


All communication from our recruiters and hiring managers will come from official company email addresses (@cloudbees.com) or from Paylocity and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent CloudBees and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at tahelp@cloudbees.com.


We take these matters very seriously and will work to ensure that any fraudulent activity is reported and dealt with appropriately. If you feel like you have been scammed in the US, please report it to the Federal Trade Commission at: https://reportfraud.ftc.gov/#/.


In Europe, please contact the European Anti-Fraud Office at: https://anti-fraud.ec.europa.eu/olaf-and-you/report-fraud_en


Some signs of a recruitment scam:

  • Ensure there are no other domains before or after @cloudbees.com. For example: “name.dr.cloudbees.com”
  • Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.
  • They provide a generic email address such as @Yahoo or @Hotmail as a point of contact.
  • You are asked for money, an “administration fee”, “security fee” or an “accreditation fee”.
  • You are asked for cell phone account information.
  • You are asked to cash a check for “equipment” prior to start.
  • You are offered a job immediately or without an interview.


Tags: Agile Application security AWS Azure Black Duck CCSP Checkmarx CI/CD CISSP Cloud Compliance DevOps DevSecOps FedRAMP ISO 27001 Jenkins Monitoring NIST NIST 800-53 Risk analysis Risk management RMF SDLC Security analysis Twistlock Vulnerabilities

Perks/benefits: Career development Competitive pay

Regions: Remote/Anywhere Europe
Country: United Kingdom
