Product Security Risk Manager

Red Hat

full-time

Posted on: 10/23/2025

Location Type: Hybrid

Location: Boston • Massachusetts, North Carolina • 🇺🇸 United States

Visit company website

✨ AI Apply

Apply

Salary

💰 $189,600 - $312,730 per year

Job Level

SeniorLead

About the role

Own and Evolve the Risk Management Methodology : Develop, own, and manage the central Product Security risk register, establishing it as the single source of truth for tracking and decision-making.
Assess and Quantify Risk : Partner with technical teams to establish a consistent methodology for assessing and quantifying risk that goes beyond traditional severity scores to incorporate business context such as product impact, revenue, and reputational damage.
Translate and Articulate Risks : Translate complex technical issues and compliance gaps into clear, quantifiable business impact for non-technical audiences.
Drive Governance and Coordination : Lead a cross-functional risk governance committee to review and act on top risks.
Create Tailored Reporting : Design and deliver tailored risk reports, metrics, and dashboards for diverse audiences, including executive leadership, product engineering leaders, legal, and sales organizations.
Improve and Standardize Processes : Build a structured, repeatable program for risk identification, assessment, and communication across the organization.
Build Thought Leadership : Develop learning and development materials to foster a culture of risk awareness.

Requirements

7+ years of experience in product security, application security, or a technical GRC (Governance, Risk, and Compliance) role.
Deep understanding of core security concepts, including the Secure Development Lifecycle (SDL), threat modeling, vulnerability management, and risk assessment methodologies.
Experience building and managing a risk register using dedicated GRC platforms or other tools like Jira.
A bachelor's degree in a related field or an industry certification like CISSP, CGRC, CRISC or CISM are beneficial but not required.
Exceptional ability to translate deep technical issues into clear business risks, explaining the "so what" to senior leaders.
Excellent verbal and written communication skills, with experience presenting to both executive and technical audiences in highly collaborative environments.
Proven skill in influencing cross-functional teams and senior leadership without direct authority.
A process-oriented mindset with demonstrated experience building structured programs from ambiguous or ad-hoc processes.
High attention to detail and the ability to break down large, complex strategies into achievable actions and tasks.
Strong organizational skills to manage multiple stakeholders and drive complex projects to completion.
Proactively leverage AI technologies to streamline workflows, simplify complexity, and enhance overall efficiency.

Benefits

Comprehensive medical, dental, and vision coverage
Flexible Spending Account - healthcare and dependent care
Health Savings Account - high deductible medical plan
Retirement 401(k) with employer match
Paid time off and holidays
Paid parental leave plans for all new parents
Leave benefits including disability, paid family medical leave, and paid military leave
Additional benefits including employee stock purchase plan, family planning reimbursement, tuition reimbursement, transportation expense account, employee assistance program, and more!

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

risk management methodologyrisk assessmentvulnerability managementthreat modelingSecure Development Lifecycle (SDL)risk quantificationrisk identificationrisk reportingprocess standardizationprogram development

Soft skills

communication skillsinfluencing skillsorganizational skillsattention to detailcollaborationtranslating technical issuesleadershipproblem-solvingproject managementprocess-oriented mindset