As the Head of Product Security, you will be responsible for defining, building, and leading Fluidra’s product security function for connected and IoT-enabled pool products. You will own the end-to-end product security strategy, embed security-by-design practices across the product lifecycle, and ensure compliance with the EU Cyber Resilience Act (CRA) and other applicable global regulations. Reporting directly to the Global CISO, this role works closely with Engineering, R&D, Firmware, IoT, Compliance, Cybersecurity Architecture teams, and external partners to ensure secure, compliant, and resilient products.

Key Responsibilities

Strategy & Leadership
- Define and execute the product security strategy aligned with CRA requirements and industry best practices
- Build, mentor, and lead a high-performing team of product security engineers and analysts
- Establish global product security governance, policies, and standards across R&D teams
- Define, monitor, and report product security KPIs and metrics
- Provide regular updates on product security posture and compliance to executive leadership
- Stay current on emerging threats, regulatory changes, and industry trends

Security by Design
- Embed security-by-design principles throughout the connected product development lifecycle
- Lead threat modeling initiatives for new products and features
- Define security requirements from product concept through deployment
- Ensure OWASP standards are integrated into development practices
- Assess and mitigate security risks related to AI/ML-enabled product features

Vulnerability Management & PSIRT
- Establish and lead the Product Security Incident Response Team (PSIRT)
- Implement coordinated vulnerability disclosure processes
- Manage vulnerability reporting to ENISA, as required under CRA
- Oversee security patch development, validation, and deployment

Compliance & Supply Chain Security
- Own compliance with CRA and RED Article 3.3 for connected products
- Ensure SBOM generation, maintenance, and disclosure processes are in place
- Assess and manage third-party and supply chain security risks
- Oversee technical documentation for CE conformity declarations
- Define and manage product security support periods and end-of-life processes
- Coordinate with external auditors and certification bodies

Coordination & Stakeholder Management
- Collaborate with Cybersecurity Architecture teams on cloud security initiatives
- Manage external hardware penetration testing vendors
- Partner with R&D leadership to integrate security into product roadmaps
- Work closely with Quality and Regulatory teams on certifications
- Support Sales and Customer Success teams on product security queries
- Conduct product security due diligence for mergers and acquisitions

What We Are Looking For

Experience
- Minimum 10 years of experience in cybersecurity, with 5+ years focused on product or IoT security
- Proven experience building and leading security teams
- Hands-on experience with PSIRT operations and vulnerability disclosure
- Background in manufacturing, industrial, or consumer IoT environments preferred

Expert Knowledge
- Security-by-design methodologies and secure development lifecycle
- Threat modeling frameworks (STRIDE, PASTA, Attack Trees)
- OWASP standards (Top 10, IoT Top 10, ASVS)
- EU Cyber Resilience Act and Radio Equipment Directive requirements
- IoT security architecture and embedded systems
- Supply chain security and third-party risk management

Technical Skills
- Cloud security platforms (Wiz preferred)
- AWS IoT services and serverless architectures
- Embedded systems security
- SBOM generation and vulnerability management tools
- Security considerations for AI/ML-enabled products

Leadership & Communication
- Experience leading teams in global, matrixed organizations
- Strong communication skills across technical and executive audiences
- Proven ability to collaborate cross-functionally with engineering teams
- Vendor management and negotiation experience

Certifications
- CISSP or CISM (mandatory)
- Preferred: OSCP, GICSP, IEC 62443

Additional Requirements
- Excellent English communication skills (written and verbal)
- Willingness to travel internationally up to 10%, as required

Job Title
Head of Product Security