Product Manager, Product Security

The Nielsen Legal Team supports the company globally, protecting Nielsen’s business, products, intellectual property and reputation. The team places a focus on developing excellence and agility as we minimize risk and move the business forward. The team comprises attorneys, paralegals and legal assistants. Whether we’re solving a problem or averting a crisis, we are focused on creating the best environment possible to advance Nielsen’s reputation, preserve business opportunities, and help business to flourish. Nielsen, the leading company in advertising measurement and outcomes, is searching for an exceptional candidate to support the Product Security organization. This role will support the organization by refining a roadmap of service offerings to our internal clients, measuring the quality and quantity of that work, and overseeing the delivery of our services. As Nielsen constantly innovates to maintain its leadership in a changing marketplace, its Product Manager, Product Security will ensure that Nielsen's platforms and applications are built securely.The Product Manager, Product Security accelerates secure software development and cloud security by helping define and deliver world-class product security services.  They will also play a major role in managing our program initiative of "shifting left" security practices in the DevSecOps lifecycle. A strong candidate for this role will need to maintain an understanding of changing business needs, build a culture of security in software engineering, and partner with leaders across Product, Cybersecurity, and Technology. 

Responsibilities

• Product and Platform Security
The Product Manager, Product Security will execute Nielsen’s security strategy for our go-to-market products and platforms. In joint collaboration with Product Leadership, DevOps, Engineering, and Data Science teams, the Product Manager, Product Security will do the following: 
• Define the capabilities of the Product Security team
• Drive adoption of the right service delivery model for implementing new solutions, products, and modules.
•  Identify and prototype key solutions required to drive improvement
• Define, deploy, and track the quantity and quality of services that Product Security offers to the organization
• Lead cross-functional strategy meetings related to driving adoption of security tools
• Maintain an awareness and working knowledge of Product Security tools

• Cybersecurity as a Product 
Nielsen is committed to a DevOps culture where best security practices are integrated, understood, and thrive--resulting in true DevSecOps. This is achieved through the utilization of modern technologies to automate security controls. As a Cloud-first organization, we operate and develop in an ecosystem where deployment and CI/CD pipelines can embed security measures that can achieve speed and scalability through technology. The Product Manager, Product Security will collaborate with teams to: 
• Define and lead delivery of a portfolio of Product Security services that help business product teams accomplish security objectives
• Own internal customer feedback end to end and use captured insights to create and manage service improvement roadmaps

• Engineering & Developer Partnership 
To effect and maintain a culture of security within Nielsen’s engineering, technology, software development, business and operations teams, the Product Manager, Product Security with the Product Security team must: 
• Maintain an open, collaborative, and consultative culture supported by outreach and education across Nielsen
• Bring consistent focus on measuring and understanding value and impact of Product Security services Partner with teams early and proactively to serve as a stakeholder advocate
• Share knowledge and actively bridge relationships into other verticals in the Cybersecurity organization

Qualifications

• BS in a technical discipline with 8-years of experience or equivalent experience without a degree
• Demonstrated expertise in product management with software and/or security teams
• Exceptional written and verbal communication skills, with the ability  to communicate security objectives and concepts to engineering and business teams
• Proficiency with product and program management methodologies including agile practices (example - Scaled Agile Framework), voice of the customer analysis, and service delivery metrics
• Experience with SAST, DAST, SCA and penetration testing tools
• High degree of comfort speaking about software development practices
• Understanding of application and product architectures, programming languages, web application stacks, and SDLC pipelines
• Strong interpersonal skills; capable of understanding business needs and translating them into architectural standards/diagrams; able to translate complex data and architectural concepts and principles into easily-understanding information by LOBs; ability to design and deliver architectural presentations to IT, senior leadership, and business partners
• Ability to consistently challenge teams to define the “next action”

Preferred Qualifications

• High comfort level with cloud providers including IaaS, PaaS, SaaS
• Industry related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Security Professional (CISSP) are valued
General cyber security with sufficient knowledge of modern DevSecOps technologies such as:
• Containers (Docker, Kubernetes, etc.)
• Infrastructure as code (Docker, Ansible, Chef, Terraform, etc.)
• Continuous integration / Continuous Deployment (Jenkins, etc.)
• Integration of Security testing tools into pipeline
• Defect and Issue tracking (Jira, ServiceNow etc.)
• Source code management (GitLab, Github, BitBucket, etc.)
• QA Testing tools (nUnit, jUnit, Selenium, Cucumber, etc.)
• Application security testing tools (SAST, DAST, IAST, OSA, etc.)
• Cloud Posture Assessment Tools
• Cloud configuration Drift Detection
• Unix, Linux, and Windows 
• Cloud environment (AWS, Azure, GCP, etc)