Head of Product Security - Overview
Site‑based role in Lausanne, Switzerland, reporting to Logitech’s Chief Information Security Officer (CISO). The position leads the comprehensive security strategy for all Logitech products and associated customer‑facing services, including IoT devices, mobile applications, desktop software, cloud infrastructure, and related services.
Key Responsibilities
* Architect and execute a comprehensive product security strategy and roadmap aligned with business growth, reporting on risk posture and program performance to executive leadership.
* Integrate product security resilience as a competitive differentiator, actively supporting brand trust and enabling new service‑based revenue models while mitigating P&L exposure from legal and product liability risks.
* Develop and implement product security policies, standards, and guidelines.
* Direct global regulatory compliance strategies for mandatory standards such as the EU CRA and UK PSTI, overseeing gap analysis and remediation across cross‑functional teams.
* Lead and mentor a high‑performing security team while fostering a proactive, collaborative security culture across the global organization.
* Champion "Security by Design" by integrating secure development lifecycle practices into all IoT, mobile, desktop, and cloud infrastructure products and development teams.
* Establish and enforce "Safe AI by Design" principles to protect AI models, training data, and deployed agents from manipulation, adversarial attacks, prompt injection, and property theft.
* Ensure mandatory disclosure and reporting requirements, such as vulnerability disclosure processes and security update periods, are publicly and accurately communicated.
* Enforce robust supply chain and manufacturing security standards for operations teams and third‑party partners (JDM/ODM) and suppliers to protect firmware, source code, and production integrity.
* Provide expert security advice, guidance and support to engineering and product teams.
* Ensure product decommissioning maintains security integrity throughout the entire product lifecycle.
* Oversee comprehensive penetration testing and vulnerability management programs, driving remediation lifecycle in collaboration with asset owners.
* Establish proactive AI‑enabled threat hunting capabilities to identify and mitigate emerging attack vectors targeting company products.
* Direct expert support and provide leadership for product‑related security incidents, ensuring rapid response.
* Collaborate closely with Product Development & Engineering, Operational Technology and Manufacturing, Cloud Operations, Data & Analytics, Legal & Compliance, and other cybersecurity functions.
Key Internal Collaborations
* Product Development & Engineering Teams
* Operational Technology and Manufacturing Teams
* Cloud Operations Teams
* Data & Analytics Teams
* Legal & Compliance Teams
* Other Cybersecurity Functions
Qualifications
Experience and Technical Mastery
* Minimum 12 years of experience in product, application, and embedded systems security with a proven history of both hands‑on and leadership roles across multiplatform environments (IoT, mobile, cloud).
* Deep mastery of Secure Software Development Lifecycle (SDLC) and DevSecOps principles, including scaling global programs, formal threat modeling, and security architecture review processes.
* Advanced expertise in product security tooling: proficiency with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), binary analysis, and fuzzing.
* Experience securing firmware, embedded systems, and Hardware Security Modules (HSMs), with focus on secure provisioning and OTA update mechanisms for IoT devices.
* Deep technical understanding of AI/ML security, including mitigating risks such as data poisoning, model inversion, and prompt injection attacks.
* Expertise in cryptographic design, PKI, key management frameworks, and planning migration to post‑quantum cryptography (PQC) standards.
Strategic Governance and Compliance
* Knowledge of global product security regulations (EU CRA, UK PSTI Act, international vulnerability disclosure requirements).
* Experience in third‑party and supply‑chain security governance, enforcing standards for contract manufacturers and component suppliers.
Leadership and Business Acumen
* Exceptional communication skills for articulating complex technical risks and strategic roadmaps to executive leadership and cross‑functional teams.
* Ability to conceptualize complex business and technical requirements into comprehensible security models, templates, and risk‑acceptance frameworks.
* Experience developing, guiding, and mentoring high‑performing cybersecurity and engineering teams.
* Strong financial management skills for multi‑year security programs, including budgeting, forecasting, and cost control.
Hybrid Work Arrangement
Hybrid role – base 3 days on site.
All qualified applicants will receive consideration for employment without regard to race, sex, age, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
#J-18808-Ljbffr