Product Security Director

Are you ready for what’s next? Come explore opportunities within Brunswick, a global marine leader committed to challenging conventions and innovating next-generation technologies that transform experiences on the water and beyond. Brunswick believes “Next Never Rests,” and we offer a variety of exciting careers and growth opportunities within united teams defining the future of marine recreation. Job Summary: The Information Security Team at Brunswick is seeking an experienced Director of Product Security to lead our comprehensive product security strategy across embedded systems, hardware and IoT platforms, and application development. Reporting to the Chief Information Security Officer, this senior leader will be a member of the Information Security Leadership Team and will be responsible for building and executing security frameworks that protect our products from design through deployment to enable Brunswick to securely, reliably, and safely deliver experiences on the water and beyond. Working alongside product leaders to execute a strategy that aligns with business objectives, the Director of Product Security will seek to ensure effective security postures across our diverse technology stack. The ideal candidate will be a strategic thinker with hands-on technical expertise and a passion for securing complex product ecosystems. Primary Duties and Responsibilities: Strategic Leadership Develop and implement enterprise-wide product security strategy encompassing embedded systems, hardware security, and application security Build, lead, and mentor a high-performing product security team Collaborate with engineering, product management, and executive teams to integrate security into product roadmaps Establish security governance frameworks and risk assessment methodologies Drive security culture adoption across all product development teams Embedded Systems Security Design security architectures for IoT devices, microcontrollers, and embedded platforms Implement secure boot processes, firmware validation, and over-the-air update mechanisms Establish secure communication protocols for device-to-device and device-to-cloud interactions Conduct threat modeling and security assessments for embedded system designs Oversee implementation of hardware security modules (HSMs) and trusted execution environments Hardware Security Lead hardware security design reviews and vulnerability assessments Implement supply chain security measures for hardware components and manufacturing Design tamper-resistant and tamper-evident hardware solutions Establish secure key management and cryptographic implementations in hardware Coordinate with hardware engineering teams on secure silicon design and validation Application Development Security Implement secure software development lifecycle (SSDLC) practices Develop governance model for existing application security testing frameworks including SAST, DAST, IAST, and SCA Lead threat modeling exercises for application architectures Design secure APIs, authentication systems, and data protection mechanisms Oversee security code review processes and developer security training programs Risk Management & Compliance Conduct comprehensive security risk assessments across all product lines Ensure compliance with industry standards (ISO 27001, IEC 62443, NIST frameworks) Manage vulnerability disclosure programs and coordinate security incident response Maintain relationships with external security researchers and coordinate bug bounty programs Prepare security documentation and reports for executive leadership and compliance audits Qualifications: Required Qualifications Bachelor’s degree in Computer Science, Electrical Engineering, Cybersecurity, or related field 10+ years of experience in product security, with at least 5 years in leadership roles Deep expertise in embedded systems security, including firmware security, secure boot, and IoT security protocols Extensive knowledge of hardware security principles, including cryptographic implementations, secure elements, and anti-tampering techniques Strong background in application security, including secure coding practices, vulnerability assessment, and security testing methodologies Experience with security frameworks and standards (OWASP, NIST, ISO 27001, Common Criteria) Proven track record of building and scaling security teams Strong understanding of threat modeling, risk assessment, and security architecture design Proven track record of designing and implementing cloud security and DevSecOps practices Preferred Qualifications: Master’s degree in Computer Science, Electrical Engineering, Cybersecurity, or related Industry certifications such as CISSP, SABSA, TOGAF, or similar Experience with regulatory compliance in relevant industries (automotive, medical devices, industrial IoT) Background in penetration testing and red team exercises Technical Qualifications and Skills: Knowledge of machine learning security and AI/ML system protection Previous experience in product companies with complex hardware/software integration Programming languages: C/C++, Python, Java, Assembly Security tools: Static analysis tools, dynamic testing frameworks, hardware security analyzers Cryptography: Implementation and deployment of cryptographic protocols and key management systems Hardware platforms: ARM, x86, RISC-V, microcontrollers, FPGAs Communication protocols: TLS/SSL, IPSec, wireless security protocols (WiFi, Bluetooth, Zigbee) Cloud platforms: AWS, Azure, GCP security services Development tools: Version control systems, CI/CD pipelines, containerization Travel Requirements: This position is located in Mettawa, IL, with quarterly travel required to engineering locations around the globe. Compensation and Benefits: The anticipated pay range for this position is $148,300 - $250,300 annually. This position is eligible for an annual discretionary bonus and an award target as part of Brunswick’s long-term incentive program. Equal Opportunity Employer: Brunswick is an Equal Opportunity Employer and considers all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by federal, state, or local law.

#J-18808-Ljbffr