Product Security Risk Manager

Product Security Risk Manager

Location: Hybrid in Boston, MA or Raleigh or Durham, NC

Full-time

Remote in North America will be considered for the right candidate.

Job Description:

The Red Hat Product Security team is looking for a Product Security Risk Manager to join us within the Global Engineering organization. In this role, you will be responsible for continuing to mature and enhance our risk management capabilities by identifying and managing risks that may impact our security and technology visions for the open hybrid cloud. This will involve continuing to enhance our risk management posture, performing technical analysis of potential risks, finding and advocating for paths to resolution, and engaging with senior leaders to accurately articulate risk. You will accomplish this by successfully collaborating across product management, product engineering, and partner ecosystems. This is a senior leadership role that offers you a broad range of responsibilities and challenges, and is ideal for an industry leader in open source looking to expand their global visibility, influence, and impact.

The location for this role is in North America, ideally in the Boston, MA or Raleigh or Durham, NC areas, however remote in North America will be considered for the right candidate. Successful applicants must reside in a state where Red Hat is registered to do business.

What you will do

• Own and Evolve the Risk Management Methodology: Develop, own, and manage the central Product Security risk register, establishing it as the single source of truth for tracking and decision-making.You will refine and standardize our security risk management practices and playbooks.

• Assess and Quantify Risk: Partner with technical teams to establish a consistent methodology for assessing and quantifying risk that goes beyond traditional severity scores to incorporate business context such as product impact, revenue, and reputational damage.

• Translate and Articulate Risks: Translate complex technical issues and compliance gaps into clear, quantifiable business impact for non-technical audiences. You will interpret cybersecurity risk analyses in business terms and recommend a responsible course of action.

• Drive Governance and Coordination: Lead a cross-functional risk governance committee to review and act on top risks. You will drive remediation progress, manage the formal risk exception process, and participate in developing key risk indicators (KRIs), key control indicators (KCIs), and key performance indicators (KPIs) for various programs.

• Create Tailored Reporting: Design and deliver tailored risk reports, metrics, and dashboards for diverse audiences, including executive leadership, product engineering leaders, legal, and sales organizations. You will work with security leadership to present information and influence change.

• Improve and Standardize Processes: Build a structured, repeatable program for risk identification, assessment, and communication across the organization. This includes developing templates and materials to enable self-service risk management and continuously monitoring and improving the effectiveness of risk management processes and security functions.

• Build Thought Leadership: Develop learning and development materials to foster a culture of risk awareness. You will grow the presence and thought leadership of the security risk management practice.

What you will bring

• Technical and Risk Expertise

• 7+ years of experience in product security, application security, or a technical GRC (Governance, Risk, and Compliance) role.

• Deep understanding of core security concepts, including the Secure Development Lifecycle (SDL), threat modeling, vulnerability management, and risk assessment methodologies.

• Experience building and managing a risk register using dedicated GRC platforms or other tools like Jira.

• A bachelor's degree in a related field or an industry certification like CISSP, CGRC, CRISC or CISM are beneficial but not required.

• Business Acumen and Communication

• Exceptional ability to translate deep technical issues into clear business risks, explaining the "so what" to senior leaders.

• Excellent verbal and written communication skills, with experience presenting to both executive and technical audiences in highly collaborative environments.

• Proven skill in influencing cross-functional teams and senior leadership without direct authority.

• Program Management and Execution

• A process-oriented mindset with demonstrated experience building structured programs from ambiguous or ad-hoc processes.

• High attention to detail and the ability to break down large, complex strategies into achievable actions and tasks.

• Strong organizational skills to manage multiple stakeholders and drive complex projects to completion.

• Proactively leverage AI technologies to streamline workflows, simplify complexity, and enhance overall efficiency.

The salary range for this position is $189,600.00 - $312,730.00. Actual offer will be based on your qualifications.

Pay Transparency

Red Hat determines compensation based on several factors including but not limited to job location, experience, applicable skills and training, external market value, and internal pay equity. Annual salary is one component of Red Hat's compensation package. This position may also be eligible for bonus, commission, and/or equity. For positions with Remote-US locations, the actual salary range for the position may differ based on location but will be commensurate with job duties and relevant work experience.

About Red Hat

Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver high-performing Linux, cloud, container, and Kubernetes technologies. Spread across 40+ countries, our associates work flexibly across work environments, from in-office, to office-flex, to fully remote, depending on the requirements of their role. Red Hatters are encouraged to bring their best ideas, no matter their title or tenure. We're a leader in open source because of our open and inclusive environment. We hire creative, passionate people ready to contribute their ideas, help solve complex problems, and make an impact.

Benefits

● Comprehensive medical, dental, and vision coverage

● Flexible Spending Account - healthcare and dependent care

● Health Savings Account - high deductible medical plan

● Retirement 401(k) with employer match

● Paid time off and holidays

● Paid parental leave plans for all new parents

● Leave benefits including disability, paid family medical leave, and paid military leave

● Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!

Note: These benefits are only applicable to full time, permanent associates at Red Hat located in the United States.

Inclusion at Red Hat

Red Hat's culture is built on the open source principles of transparency, collaboration, and inclusion, where the best ideas can come from anywhere and anyone. When this is realized, it empowers people from different backgrounds, perspectives, and experiences to come together to share ideas, challenge the status quo, and drive innovation. Our aspiration is that everyone experiences this culture with equal opportunity and access, and that all voices are not only heard but also celebrated. We hope you will join our celebration, and we welcome and encourage applicants from all the beautiful dimensions that compose our global village.

Equal Opportunity Policy (EEO)

Red Hat is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, veteran status, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.

Red Hat does not seek or accept unsolicited resumes or CVs from recruitment agencies. We are not responsible for, and will not pay, any fees, commissions, or any other payment related to unsolicited resumes or CVs except as required in a written contract between Red Hat and the recruitment agency or party requesting payment of a fee.

Red Hat supports individuals with disabilities and provides reasonable accommodations to job applicants. If you need assistance completing our online job application, email application-assistance@redhat.com. General inquiries, such as those regarding the status of a job application, will not receive a reply.