DevSecOps Product Manager

This Product Manager role is focused on delivering impactful internal DevSecOps capabilities as both a product and a set of capabilities. The role is designed to emphasize user-centricity, adoption, and value delivery, which are core to product management.

Key Responsibilities:

• Scope the product and define the product vision.
• Formalize the problem to solve, existing processes, and use case business objectives.
• Break down business issues into micro-issues.
• Research and document the end-users' context, objectives, and pain points.
• Define a clear and simple product vision.
• Define the way and the extent to which DevSecOps can solve the business challenges.
• Ensure consistent application of security controls and best practices across development and operations.
• Collaborate with architects and engineers to align DevSecOps solutions with enterprise architecture standards.
• Drive continuous improvement initiatives to enhance automation, security, and delivery speed.
• Provide technical guidance and mentoring to engineering teams on DevSecOps practices and tooling.
• Contribute to risk assessments, audits, and incident response planning and execution.
• Promote knowledge sharing and advocate for DevSecOps adoption across teams and regions.
• Measure platform adoption and maturity across teams; adjust the roadmap based on usage data and feedback.
• Collaborate with a Product Owner who handles day-to-day delivery, while the Product Manager focuses on vision, alignment, and value.

Vision and Strategy Development:

1. Develop and articulate a clear vision for the DevSecOps program that aligns with Sodexo's strategic business objectives .
2. Define and communicate the strategic roadmap for integrating security practices throughout the development lifecycle .

Governance and Compliance:

1. Establish governance frameworks to ensure adherence to global security policies and compliance standards .
2. Implement regular audits and risk assessments to identify and mitigate potential security threats .

Stakeholder Engagement:

1. Foster strong relationships with key stakeholders, including senior leadership, to ensure buy-in and support for DevSecOps initiatives .
2. Conduct quarterly demos and automated reporting to maintain transparency and keep stakeholders informed of progress .

Continuous Improvement:

1. Drive continuous improvement initiatives to enhance automation, security, and delivery speed.
2. Promote a culture of innovation and agility within the team to adapt to evolving security challenges .

Knowledge Sharing and Advocacy:

1. Advocate for DevSecOps adoption across teams and regions, promoting knowledge sharing and best practices .
2. Provide technical guidance and mentoring to engineering teams on DevSecOps practices and tooling .

Program Management:

1. Lead the DevSecOps Squad, ensuring effective collaboration and alignment with the Cloud Operating Model initiatives .
2. Manage the backlog and prioritization of features, ensuring consistency in planned work .

Required Skills:

• 10 years of experience in DevSecOps practices and principles.
• Hands-on experience with secure CI/CD pipeline design and maintenance.
• Proficiency in Infrastructure as Code (IaC) using tools like Terraform, Ansible, or similar.
• Knowledge of cloud-native security across major cloud platforms (Azure, AWS, GCP).
• Experience with security tooling for code scanning, vulnerability management, and compliance (e.g., SonarQube, Snyk, Prisma Cloud).
• Ability to write and maintain technical specifications, user stories, and security standards.
• Solid understanding of Agile methodologies and DevOps delivery models.
• Practical knowledge of application lifecycles, validation, testing, and secure deployment processes.
• Strong ability to collaborate across diverse, cross-functional, and geographically distributed teams.
• Effective communication skills to convey technical and security concepts clearly to both technical and non-technical stakeholders.
• Capacity to influence teams and drive secure practices without direct authority.