Director of Product Security Governance & Compliance
Overview
Keysight is on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries.
We are seeking a Director of Product Security Governance & Compliance to lead the strategy, execution, and continuous improvement of our global product security governance framework across a portfolio of cloud software, enterprise platforms, and embedded/hardware products.
This role is accountable for defining policy, interpreting regulatory requirements (with emphasis on the EU Cyber Resilience Act and adjacent global regulations), and operationalizing scalable compliance across diverse product architectures and lifecycles. You will lead a team of managers and partner across engineering, firmware, hardware, legal, and go-to-market organizations to ensure consistent, auditable, and business-aligned outcomes.
Responsibilities
Governance & Policy
Define and maintain a unified product security policy framework spanning cloud software, on-prem platforms, firmware, and hardware devices
Establish control objectives and standards aligned to secure SDLC, secure firmware development, hardware root of trust, SBOM, vulnerability management, and product lifecycle security
Ensure policies are embedded into engineering systems (CI/CD, PLM, release gates) and are measurable and enforceable
Regulatory Leadership (EU CRA & Global)
Act as the internal authority on EU Cyber Resilience Act (CRA), including applicability to software, firmware, and connected devices
Interpret and decompose regulatory requirements into actionable engineering, manufacturing, and support controls
Lead enterprise-wide CRA readiness, including gap assessments, remediation programs, and technical documentation requirements (e.g., conformity assessments, CE marking support)
Monitor evolving global regulations (e.g., NIS2, RED Delegated Act, U.S. EO 14028 implications) and adapt governance strategy accordingly
Compliance Programs & Operations
Build and scale a global product compliance program covering both software delivery pipelines and hardware manufacturing lifecycles
Define KPIs/KRIs and maturity models; implement dashboards for executive visibility
Oversee internal/external audits, regulatory inquiries, and evidence management across engineering and manufacturing systems
Ensure traceability from policy → control → implementation → evidence (including SBOM, VEX, and vulnerability disclosure processes)
Leadership & Organization Development
Lead a team of managers across governance, risk, and compliance domains
Establish operating models that scale across business units and geographies
Drive talent development, succession planning, and organizational maturity
Cross-Functional Partnership
Engineering (software, firmware, hardware): integrate controls into SDLC, toolchains, and design processes
Product Management: align security requirements with product roadmaps and customer commitments
Legal & Compliance: align regulatory interpretation, risk posture, and disclosures
Sales & Customer Success: support customer assurance, RFPs, and contractual obligations
Support & PSIRT: align vulnerability intake, disclosure, and remediation SLAs
Manufacturing & Supply Chain: ensure component-level security, supplier requirements, and product integrity
Program Management & Execution
Lead complex, multi-year regulatory and compliance programs with global scope
Drive prioritization, risk management, and dependency resolution across a matrixed organization
Deliver clear executive reporting on posture, risks, and remediation progress
Qualifications
Required Qualifications
10+ years in product security, cybersecurity governance, or compliance within software and/or hardware technology companies
5+ years of leadership experience, including managing managers
Demonstrated experience building governance frameworks across both software and embedded/hardware product environments
Strong working knowledge of EU Cyber Resilience Act (CRA) and related frameworks (e.g., NIS2, ISO/IEC 27001, IEC 62443, ETSI EN 303 645)
Experience translating regulatory and standards requirements into engineering controls and operational processes
Proven track record partnering with engineering, firmware, hardware, legal, and go-to-market teams
Strong executive communication skills with experience presenting to senior leadership
Deep program management experience leading large-scale, cross-functional initiatives
Preferred Qualifications
Experience in a Fortune 500 or similarly complex multinational organization
Background in connected devices, IoT, or industrial systems
Familiarity with SBOM generation/management, vulnerability management platforms, and secure build pipelines
Experience supporting regulatory audits and product certifications (e.g., CE marking, FIPS, Common Criteria)
Relevant certifications (e.g., CISSP, CISM, CRISC)
Leadership Profile
Strategic and systems-oriented thinker with strong execution discipline
Comfortable operating in ambiguity and driving structure at scale
Influential leader capable of aligning global stakeholders without direct authority
Data-driven with strong risk prioritization and decision-making skills
Clear communicator who translates technical and regulatory requirements into business impact
Keysight is an Equal Opportunity Employer.
The level of the role will be based on applicable experience, education and skills. Most offers will be between the minimum and the midpoint of the Salary Range listed below.
CO and AZ Pay Range: MIN $178,110.00, MIDPOINT $237,480.00, MAX $296,850.00
Note: For other locations, pay ranges will vary by region
US Employees may be eligible for the following benefits:
Medical, dental and vision
Health Savings Account
Health Care and Dependent Care Flexible Spending Accounts
Life, Accident, Disability insurance
Business Travel Accident and Business Travel Health
401(k) Plan
Flexible Time Off, Paid Holidays
Paid Family Leave
Discounts, Perks
Tuition Reimbursement
Adoption Assistance
ESPP (Employee Stock Purchase Plan)