Senior Director, Product Security Operations Leader

Thomson Reuters is the leading source of intelligent information for the world's businesses and professionals, providing customers with competitive advantage. Intelligent information is a unique synthesis of human intelligence, industry expertise and innovative technology that provides decision-makers with the knowledge to act, enabling them to make better decisions faster. Through its more than 45,000 people across 100 countries, Thomson Reuters delivers this must-have insight to the financial, legal, tax and accounting, scientific, healthcare and media markets, and is powered by the world's most trusted news organization.

Essential Responsibilities:

As the Senior Director, Product Security Operations Leader you will develop a best in class enterprise Product Security Operations Program. Reporting to the Vice President, Product Security, you will work closely with the product management, software development and commercial teams to establish a strong security culture and build security by design into the software development process. You will define the value of enhanced information security capabilities of Thomson Reuters' products to internal and external stakeholders. You will provide input and oversight to help build robust and secure solutions that scale to the needs of professionals that depend on Thomson Reuters' products daily.

Key Responsibilities:

  • Define a Product Security strategy for Thomson Reuters' products to support business and customer needs.
  • Collaborate with the go-to-market teams to understand the key Thomson Reuters partnerships, and how information security can help drive revenue and retention from a customer value proposition perspective.
  • Drive product adoption externally to consumers by developing customer personas in order to learn and anticipate their needs.
  • Partner with software engineers and development teams on building information security requirements and specifications into Thomson Reuters' products.
  • Act as a technical security subject matter expert (SME) for our applications and product capabilities in pre and post-sales discussions.
  • Facilitate compliance with product security policies, practices and legal requirements
  • Provide coaching, on-the-job and hands-on Product Security training, creation of reference materials, and procedures.
  • Develop and lead an enterprise Product Security Operations Program.
  • Develop and establish operational metrics to monitor the security and risk posture for all Thomson Reuters' products.
  • Develop and lead the Product Security Incident Response (PSIRT)
  • Assist in the writing and publication of Product Security whitepapers
  • Liaise with Legal, Communication and Product Management teams to support product vulnerability disclosures and support commercial teams with Product Security inquiries
  • Review internally developed code for advanced security issues as part of an Agile Development process and educate Product Development teams on secure coding best practices.
  • Develop and utilize automation and analytics capabilities to improve our cyber threat detection and prevention capabilities.
  • Develop an enterprise process for Product Security certifications
  • Develop and assist in the implementation of threat modeling exercises with product teams.
  • Research and evaluate new Product Security technologies for internal consumption.

Required Expertise/Experience:

  • Bachelor's degree, preferably in Computer Sciences or Technology.
  • 8 years of IT/software development and product security related experience.
  • 3 years of software development experience.

Experience with most of the programming languages, software engineering methodologies, and software development tools our team uses:

  • Java, Groovy, jUnit, Spock, SQL, Elasticsearch
  • Angular2, ngrx, HTML5, JSON
  • AWS, UNIX/Shell, Jenkins, Gradle
  • IntelliJ, GIT, TFS
  • Aspose, JxBrowser
  • 4 years of product security experience in a global enterprise.

Demonstrated and hands-on experience in the following areas:

  • Application/Product assessment, Product Security Incident Response (PSIRT), security and risk metrics, & whitepaper publication
  • Willing to travel internationally up to 20%.
  • CISSP, CISA, & CISM preferred.
  • Strong understanding of the software development lifecycle (SDLC).
  • Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), and fuzz testing (FUZZY) and vulnerability scans
  • Experience with various security tools and products (Fortify, Burp Suite, HP Webinspect, Checkmarx, Nessus, IBM AppScan, etc.)
  • Experience with common security scoring systems – CVSS v3 and CWSS, and secure coding standards/best practices
  • Experience with, or willingness to become involved with, international security standards, such as those developed by IEEE, ISO, IEC, SAE, FIPS, PCI, and IIC
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
  • Excellent verbal and written communication skills.

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With over 50,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Bring your ambition to make a difference. We'll bring a world of opportunities.

As a global business we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit thomsonreuters.com/careers.

More information about Thomson Reuters can be found on thomsonreuters.com.

