Principal Product Security Manager - Regulations and Standards
Job Overview
The Product Security Manager for regulations and standards will lead Arm’s efforts to meet and maintain compliance with evolving global product security regulations, including the EU Cyber Resilience Act (CRA). This role will work multi-functionally with engineering, legal, product management, and security teams to ensure Arm’s products and processes align with regulatory requirements while supporting innovation and customer trust. It also involves actively representing Arm in key international standards and regulatory working groups, helping build the industry landscape.
Responsibilities
Regulatory Monitoring & Strategy
* Track, analyse, and interpret upcoming product security regulations (e.g., EU CRA, NIS2, U.S. cybersecurity labelling).
* Develop and communicate a regulatory compliance roadmap tailored to Arm’s product portfolio.
* Serve as the internal subject matter expert on security-related regulatory obligations.
Compliance Program Development
* Support the product security team in implementing policies, frameworks, and processes to ensure product compliance with security regulations.
* Lead risk assessments and gap analyses against regulatory requirements.
Cross-functional Coordination
* Partner with engineering and product teams to embed compliance requirements into product design and development.
* Work closely with Legal and Corporate Security to align regulatory, contractual, and certification requirements.
* Support incident response planning and regulatory reporting obligations.
Training & Awareness
* Develop training and awareness programs to ensure staff understand and implement security compliance practices.
* Provide guidance to product teams on practical application of CRA and other regulations.
Required Skills and Experience
* Strong knowledge of product security regulations and standards, and their associated communities, including but not limited to: EU CRA, ENISA, UK PSTI, BSI, NIS2, OpenSSF
* Experience with Security Development Lifecycles and product security assurance, including requirement management, threat modelling, security testing, and incident response
* Previous involvement in regulatory advocacy, industry working groups, or standards development.
* Proven ability to interpret legal/regulatory text and translate it into actionable technical requirements.
* Project management and program coordination skills across multiple collaborators.
Nice To Have Skills and Experience
* Familiarity with the security of embedded systems and semiconductors, and with software supply chain security
* A history of low-level software or hardware development/architecture
* Knowledge of ISO 21434, IEC 62443, SESIP, PSA Certified
At Arm, we want to build extraordinary teams. If you need an adjustment or an accommodation during the recruitment process, please email accommodations@arm.com. Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues.