What you will be doing
As the Principal Product Security Manager, you will be accountable for establishing a robust, modern Secure Development Lifecycle (SDLC) framework across Ricoh Europe. This includes developing policy, setting and enhancing engineering standards, building a centre of excellence, shaping security tooling and governance, and ensuring secure practices are adopted consistently across regions.
You will manage a small high‑performing core team and build a wider virtual team of technical contributors across Europe. Operating as part of Ricoh's senior security leadership, you will influence delivery teams, challenge existing norms and drive a culture of “shift left” to significantly reduce security vulnerabilities across our products and services.
Key Responsibilities
Leadership, Strategy and Governance
* Creating and leading a small team of advanced security specialists, including talent acquisition, coaching and performance management
* Building a pan-European virtual network of technical contributors to embed secure development capability across regions
* Working with senior executives, product leaders and global teams to align on global secure development practices
* Developing a comprehensive secure development policy framework aligned to NIST SSDF, OWASP SAMM/ASVS, ISO 27034 and our own internal standards
* Managing the secure development budget and building business cases supporting investment in security improvements
SDLC Framework Ownership
* Designing/enhancing secure engineering guardrails, coding standards, and lifecycle governance policies
* Leading the rollout and adoption of secure development frameworks across multiple engineering teams, and managing the capability where it already exists
* Ensuring alignment with regulatory standards, security baselines and organisational risk priorities
* Conducting internal audits, defining KPIs and reporting performance trends across teams
Tooling and Engineering Enablement
* Developing a tooling strategy for secure development, including CI/CD integration, SCM, SAST, SCA and automated testing
* Leading the implementation of secure pipelines, reference environments and developer-friendly controls
* Defining best practices for code quality, defect reduction and testing maturity
* Supporting supply chain security, including SBOMs, provenance checks, artefact security and signing
Training, Stakeholder Engagement and Culture
* Building a centre of excellence offering clear guidance, training and reference material for secure development
* Delivering education on secure coding, threat modelling and SDLC best practice
* Challenging current norms and helping teams balance efficient delivery with robust security
* Supporting the creation of security champion communities across Europe
Continuous Improvement
* Conducting maturity assessments and driving improvement roadmaps
* Staying ahead of emerging threats, tooling and secure engineering trends
* Ensuring incident readiness, forensic logging and integration with SRE/SOC playbooks
You will ideally have
Technical Expertise
* Strong background in secure development, SDLC governance and software engineering
* Experience with NIST SSDF, OWASP SAMM/ASVS, ISO 27034 or similar frameworks
* Deep understanding of secure coding, cryptography, and vulnerability prevention (e.g., OWASP Top 10, API Top 10)
* Hands‑on familiarity with CI/CD pipelines, SAST/SCA tooling, fuzz testing and code quality processes
* Experience building or maintaining SBOMs, supply chain security and provenance controls
* Cloud security knowledge (IAM, encryption, configuration hardening), ideally with Azure
* Ability to interpret red team findings and translate attack chains into practical mitigation strategies
Leadership and Stakeholder Skills
* Proven experience managing senior technical specialists and leading multi-disciplinary teams
* Skilled in steering large-scale business change and building virtual teams across regions
* Strong communicator capable of simplifying complex technical issues for executives
* Ability to influence, negotiate and challenge without direct authority
* Experience presenting to senior leadership, including board-level stakeholders
Business and Strategic Acumen
* Strong understanding of product lifecycle management, engineering processes and commercial drivers
* Ability to embed security within agile delivery, DevOps workflows and hybrid models
* Experience in regulated environments and awareness of legal/compliance expectations
* Ability to deliver business value through improved security, consistency and resilience
Qualifications & Experience
* Degree in Computer Science, Software Engineering or similar (or equivalent experience)
* Certifications such as CISSP or CSSLP are highly advantageous
* Senior‑level experience (e.g., Head of Secure Development, Director of Secure Engineering) in enterprise‑scale environments
* Evidence of improving SDLC performance, implementing governance controls and influencing engineering teams
We are an equal opportunities employer. We believe that diverse perspectives make us stronger, and we welcome applications from people of all backgrounds, identities, and experiences. Our hiring decisions are based on skills, experience and potential, and we are committed to creating a fair and inclusive recruitment process. If you require any reasonable adjustments at any stage of the recruitment journey, please let us know and we will support you to bring your best self forward.