What You'll Do As the Manager of Product Security with a focus on Data Privacy, you will play a crucial role in ensuring that our products are designed, developed, and deployed with strong security and privacy controls. You will lead a team of security professionals, collaborate with cross-functional teams, and drive the implementation of privacy-by-design principles across all stages of the product lifecycle. Your key responsibilities will include safeguarding customer data, ensuring compliance with privacy regulations, and mitigating security risks in product development. Key Responsibilities: Leadership & Strategy: • Lead the product security team focused on embedding data privacy and security controls into product design and development processes. • Develop and execute a comprehensive product security strategy with a focus on data privacy. • Partner with engineering, legal, compliance, and product teams to ensure privacy and security are integrated into all stages of the product lifecycle. • Drive privacy-by-design principles and advocate for secure development practices across the organization. Data Privacy Governance: • Ensure products comply with relevant data privacy regulations such as GDPR, CCPA, HIPAA, and other global standards. • Develop, implement, and maintain product security policies and procedures that align with legal, regulatory, and industry requirements. • Perform privacy impact assessments (PIAs) and security risk assessments (SRAs) on products and services. Risk Management: • Identify, assess, and manage privacy and security risks related to product development and deployment. • Implement controls and measures to mitigate data breaches, unauthorized access, and other security incidents. • Lead incident response efforts related to privacy violations or data security breaches in collaboration with legal and IT teams. Collaboration & Communication: • Collaborate with engineering teams to integrate security tools, practices, and automated testing into CI/CD pipelines. • Work closely with the legal and compliance teams to interpret and respond to data privacy regulations and standards. • Communicate privacy and security risks, issues, and solutions to senior leadership and other stakeholders. Training & Awareness: • Develop and conduct training programs to educate product development teams on privacy and security best practices. • Stay up-to-date with emerging data privacy trends, threats, and technologies and ensure the team is aligned with industry best practices. Monitoring & Reporting: • Oversee continuous monitoring of product security and privacy controls to ensure ongoing compliance and risk mitigation. • Provide regular updates to leadership on the status of product security initiatives, privacy compliance, and risk management activities. What You'll Need to be Successful Qualifications: Education & Experience: • Bachelor’s or Master’s degree in Information Security, Computer Science, or related field. • 5+ years of experience in product security, cybersecurity, or data privacy, with a focus on software product development. • Proven experience managing teams in a security or privacy role. Skills & Knowledge: • Deep understanding of data privacy laws and regulations (e.g., GDPR, CCPA, HIPAA). • Strong knowledge of product security principles, including secure software development practices, encryption, and threat modeling. • Familiarity with privacy-enhancing technologies, data anonymization, and data retention practices. • Experience with security tools, automation, and CI/CD practices. Certifications (preferred): • Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications. Personal Attributes: • Excellent leadership, communication, and collaboration skills. • Strong problem-solving and critical thinking abilities. • Ability to manage multiple priorities in a fast-paced environment. • A proactive and solution-oriented approach to managing security and privacy risks. How We'll Take Care of You Total Rewards In addition to a great compensation package, paid time off, and paid parental leave, many Avalara employees are eligible for bonuses. Health & Wellness Benefits vary by location but generally include private medical, life, and disability insurance. Inclusive culture and diversity Avalara strongly supports diversity, equity, and inclusion, and is committed to integrating them into our business practices and our organizational culture. We also have a total of 8 employee-run resource groups, each with senior leadership and exec sponsorship. Learn more about our benefits by region here: Avalara North America What You Need To Know About Avalara We’re Avalara. We’re defining the relationship between tax and tech. We’ve already built an industry-leading cloud compliance platform, processing nearly 40 billion customer API calls and over 5 million tax returns a year. Last year, we became a billion-dollar business, and our tribe expanded by a cool thousand people - there’s nearly 5,000 of us now. Our growth is real, and we’re not slowing down - not until we’ve achieved our mission - to be part of every transaction in the world. We’re bright, innovative and disruptive, like the orange we love to wear. It captures our quirky spirit and optimistic mindset. It shows off the culture we’ve designed, that empowers our people to win. Ownership and achievement go hand in hand here. We instill passion in our people through the trust we place in them. We’ve been different from day one. Join us, and your career will be too. We’re An Equal Opportunity Employer Supporting diversity and inclusion is a cornerstone of our company — we don’t want people to fit into our culture, but to enrich it. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law. If you require any reasonable adjustments during the recruitment process, please let us know.