Manager, Product Security

Company overview:
TraceLink's software solutions and Opus Platform help the pharmaceutical industry digitize their supply chain and enable greater compliance, visibility, and decision making. It reduces disruption to the supply of medicines to patients who need them, anywhere in the world.

Founded in 2009 with the simple mission of protecting patients, today Tracelink has 8 offices, over 800 employees and more than 1300 customers in over 60 countries around the world. Our expanding product suite continues to protect patients and now also enhances multi-enterprise collaboration through innovative new applications such as MINT.

Tracelink is recognized as an industry leader by Gartner and IDC, and for having a great company culture by Comparably.

We are seeking a highly motivated and experienced Manager of Product Security to lead and strengthen our security engagement with the Product Development and Operations organizations. This role provides both the vision and hands-on leadership for ensuring that security practices, principles, and tooling are seamlessly integrated throughout the Software Development Life Cycle (SDLC). The Manager will serve as a trusted advisor to product teams, providing expert consultation and guidance, while also overseeing testing and validation of products to proactively identify and mitigate security risks.

Key Responsibilities

• Lead and mentor the Product Security team, setting goals, priorities, and resource plans. Define key metrics to measure the effectiveness of product security efforts, ensuring security is both a driver of product trust and not a bottleneck for innovation.
• Partner with Product Management, Engineering, DevOps, and Cloud Operations teams to integrate security throughout the SDLC and drive security as a business enabler. Provide training, mentorship, and guidance to elevate overall security awareness and maturity.
• Define, promote, and facilitate secure design practices, threat modeling, secure coding, and security testing standards.
• Oversee and perform code reviews, security testing (SAST, SCA, DAST), penetration testing, and vulnerability analysis. Manage and optimize the associated tools to ensure coverage, accuracy, scale, and speed. Coordinate independent testing.
• Identify, assess, and mitigate product security risks across applications, platforms, and supporting infrastructure working with the relevant teams.
• Stay current with evolving security threats, technologies, and industry practices, ensuring our products and processes remain resilient and competitive. Maintain, evolve, and promote product security policies, standards, and procedures as needed.
• Support TraceLink's security certifications, attestations, and compliance requirements through daily practices.
• Provide expert input during investigations and incident response activities.

Qualifications
Required

• Demonstrated leadership experience managing security initiatives and teams.
• Demonstrated ability to collaborate effectively with cross-functional teams in agile environments.
• Excellent communication skills with the ability to advise non-technical stakeholders and influence product strategies.
• Strong technical foundation in secure development practices, application architecture, common vulnerabilities (OWASP Top 10, CWE, CVE), and modern software deployment models (cloud-native, containerized, CI/CD pipelines).
• Hands-on experience with secure application design, development, and testing. Familiar with use and management of associated tooling (SAST, SCA, DAST, penetration testing). Strong understanding of secure coding practices, especially in Java and JavaScript.

Preferred

• Familiarity with AWS services and cloud-native security best practices.
• Experience with microservices architecture and supporting technologies.
• Experience working with Agile/Scrum software development methodologies.
• Industry certifications (e.g., CSSLP, CCSP, Offensive Security, SANS Security, AWS Security).
• Bachelor's degree in Computer Science, Security, or related field—or equivalent experience.

Please see the Tracelink Privacy Policy for more information on how Tracelink processes your personal information during the recruitment process and, if applicable based on your location, how you can exercise your privacy rights. If you have questions about this privacy notice or need to contact us in connection with your personal data, including any requests to exercise your legal rights referred to at the end of this notice, please contact Candidate-