Director, Product Security Strategy and Enablement
Location: United States, Georgia, Atlanta
Address: 1 - Corp Atlanta Ravinia, Three Ravinia Drive, Suite 100, 30346
Job number: 165603
Hiring Salary: USD 159,783.00 - 195,000.00 YEARLY
The Director, Product Security Strategy & Enablement is responsible for defining and operating the Product Security operating model and driving portfolio-level execution across the department. This leader translates Product Security strategy into scalable processes, governance, and execution — providing portfolio-level structure, visibility, and enablement so that work is prioritized, tracked, and reported consistently. Through standardization, automation, and AI-enabled capabilities, this role enables predictable delivery and measurable risk reduction across the program.
This position sits within a unified Product Security department — established to address an accelerating, AI-driven threat landscape with enterprise-wide scope across corporate and hotel-managed environments. Reporting to the Head of Product Security, this role provides the connective operating discipline across the Vulnerability Management, Exposure Management, Application Security, and Remediation and Response functions, ensuring the organization operates cohesively as a whole rather than as separate workstreams.
Your Day to Day
- Set and operationalize Product Security strategy across people, process, and tooling — defining the roadmap, setting OKRs, and running planning, prioritization, and review cadences that translate strategy into execution.
- Establish and operate the Product Security operating model — including documented processes, decision forums, decision rights, execution standards, and governance cadences across all workstreams.
- Provide portfolio-level structure and executive visibility into outcomes — ensuring work across Vulnerability Management, Exposure Management, Application Security, and Remediation and Response is prioritized, tracked, and consistently reported through KPIs, leadership updates, and monthly and quarterly business reviews.
- Own portfolio, budget, and vendor management — including budget forecasting, the security tool portfolio, renewals, statements of work, and vendor performance — in partnership with Finance and Procurement.
- Define, enforce, and mature secure SDLC governance — establishing mandatory security requirements and quality gates across planning, design, build, release, and operate; governing threat modeling standards and integration; and managing exceptions, risk acceptances, compensating controls, and their expirations.
- Lead continuous compliance and audit enablement for product-security-related controls — coordinating evidence, embedding and monitoring controls, and driving remediation of audit findings to closure.
- Govern large and/or complex remediation programs — providing program-level structure, milestones, and escalation paths — and enable scale and efficiency through process standardization, automation, and AI-enabled capabilities that reduce manual effort and increase execution consistency.
- Lead, coach, and develop the portfolio, programs, and compliance functions while partnering with Product Security leaders and cross-functional stakeholders across ETS, the broader Product and Technology organization, business information security officers, centers of excellence, Finance, and Procurement to align strategy, delivery, and measurement.
What We Need From You
- 10+ years of progressive security experience across multiple disciplines, technologies, or processes, including 5+ years establishing organizational structure and managing subordinate teams.
- Substantial leadership-level experience across product and application security domains — vulnerability management, application and API security, exposure and attack-surface management, and remediation operations — with a thorough understanding of the software and system development lifecycle.
- Expert in secure SDLC governance, security controls, and quality gates, with familiarity across the full lifecycle tooling ecosystem including SAST, SCA, DAST, secrets detection, API security, cloud posture, and attack-surface and asset-management tooling.
- Demonstrated experience defining and operating an operating model — processes, governance, decision forums, and execution cadence — across multiple functions or workstreams, with strong portfolio and program management capability from conception through implementation (milestones, risks, success criteria).
- Proven experience owning budgets, tool portfolios, statements of work, vendor contracts, and vendor performance, with general knowledge of budgeting, cost estimation, and scheduling; skilled at defining KPIs and metrics and driving maturity improvement with strong executive reporting.
- Working knowledge of compliance and audit enablement for product-security-related controls (e.g., PCI, SOX), including evidence coordination and control monitoring, and familiarity applying automation and AI-enabled capabilities to scale security workflows.
- Demonstrated effectiveness in executive presentation, escalation management, and leadership by influence — able to build relationships with senior technology and business leaders, adapt to multiple management styles, and communicate highly technical information clearly across all levels of the organization.
- Proven change agent and team builder — result-focused, action-oriented, and able to manage changing priorities in a highly dynamic environment while leading, developing, and inspiring multi-disciplined teams.
Travel - 10%
Location - Atlanta, GA: Our hybrid work structure is an expectation of three (3) days a week in office. This expectation may be adjusted to evolve with the changing needs of the business.
Who we are
Don't quite meet every single requirement, but still believe you'd be a great fit for the job? We'll never know unless you hit the 'Apply' button. Start your journey with us today.
Important information:
- The salary range listed is the lowest to highest pay scale we, in good faith, believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay position within the pay range will be based on several factors, including relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, shift, travel requirements, sales or revenue-based metrics, and business or organizational needs.
- No amount of pay is considered to be wages or compensation until it is earned, vested, and determinable. The amount and availability of any bonus, commission, or other form of compensation allocable to a particular employee remain in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
- EEO Is The Law - click here for more information about Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity.
- If you require reasonable accommodation during the application process, please click here.
- IHG does not accept applications, inquiries, or unsolicited CVs/resumes from staffing or recruiting agencies. Please click here for our agency policy.
- If you are a resident of or applying to a job opening in the State of Washington, please click here to read about applicable benefits.
Hiring Salary: USD 159,783.00 - 195,000.00 YEARLY