Autodesk

Design and make software for architecture, engineering, construction, and entertainment industries.

11,600

Building Design; Construction; Automotive; Building Product Manufacturing; 3D Animation; Architecture; Engineering; Construction Professionals; Mechanical Engineering; Mechanical CAD; Thermal Simulation; Electronic Design Automation; Print Circuit Board Design; Mechanical, Electrical, and Plumbing (MEP); HVAC; Fabrication; Estimation; Infrastructure; Civil Engineering; Genetic Engineering (Life Sciences)

Product Security Compliance Manager

Drive security, compliance, and trust for desktop and cloud products across Autodesk Fusion.

Colorado, United States
104k - 179k USD
Full Time
Intermediate (4-7 years)

Job Highlights

Environment
Hybrid

About the Role

This strategic, hands‑on position translates regulatory and trust requirements into practical guidance, leads cross‑functional working groups, and manages risk to support product delivery.

  • Partner with product security developers and engineering teams to align security and privacy requirements across desktop, hybrid cloud, and cloud products.
  • Lead and coordinate regulated compliance efforts (ITAR, FedRAMP, GovCloud) through readiness, assessment, authorization, and ongoing maintenance.
  • Translate regulatory, audit, security, privacy, resiliency, and Trusted AI requirements into clear, actionable guidance for product and engineering teams.
  • Collaborate with the corporate Trust organization to ensure alignment with enterprise trust standards and reporting.
  • Lead cross‑functional working groups for trust excellence, product certifications, and regionalization initiatives.
  • Support implementation and ongoing maintenance of internal Trust controls aligned with SOC 2, ISO/IEC 27001, and NIST SP 800‑53.
  • Track and report product trust commitments across security, privacy, availability, resilience, and recoverability.
  • Coordinate audits, government assessments, and customer security or compliance reviews.
  • Assist with security testing activities, awareness efforts, incident‑response follow‑up, business continuity considerations, and trust documentation.

Key Responsibilities

  • compliance management
  • regulatory guidance
  • control implementation
  • audit coordination
  • security testing
  • trust reporting

What You Bring

Candidates should hold a bachelor’s degree in cybersecurity or a related field and have 4–6 years of experience in product security, compliance, or risk management. Experience with ITAR, FedRAMP, or GovCloud certifications, knowledge of SSDLC, and familiarity with frameworks such as SOC 2, ISO 27001, NIST SP 800‑53, GDPR, and CCPA are required. Strong communication, documentation, and the ability to work in a matrixed organization are essential, with up to 25% travel.

  • Bachelor’s degree in Cybersecurity, Computer Information Systems, or a related field.
  • 4–6 years of experience in product security, security compliance, risk management, or trust‑related roles.
  • Experience supporting engineering teams with ITAR, FedRAMP, and/or GovCloud compliance or certification efforts.
  • Knowledge of Secure Software Development Lifecycle (SSDLC) processes and best practices.
  • Understanding of information security risks and controls across applications, data, infrastructure, especially in cloud or hybrid environments (e.g., AWS).
  • Familiarity with security and privacy frameworks and regulations such as SOC 2, NIST SP 800‑53, ISO/IEC 27001, GDPR, and CCPA.
  • Strong communication, organizational, and documentation skills; ability to work in a matrixed organization.
  • Ability to travel up to 25% as required.
  • Preferred: CISSP, FedRAMP Practitioner, or CCSP certification.
  • Preferred: Experience with desktop software and cloud‑connected or hybrid products.
  • Preferred: Knowledge of regulated environments, data residency, or regionalization requirements.
  • Preferred: Experience supporting audits, penetration testing, or vulnerability management programs.

Requirements

  • bachelor's
  • cissp
  • fedramp
  • ssdlc
  • aws
  • communication

Benefits

Autodesk offers a competitive compensation package with a U.S. base salary range of $103,800 to $179,080, plus bonuses, stock grants, and comprehensive health and wellness benefits. The company is an equal‑opportunity employer that values diversity and belonging.

Work Environment

Hybrid
