Description
Head of Product Security
Logitech is the Sweet Spot for people who want their actions to have a positive global impact while having the flexibility to do it in their own way.
The Team and Role: The Head of Product Security is responsible for establishing, maintaining, and overseeing the comprehensive security strategy for all Logitech products and associated customer-facing services, including Internet of Things (IoT) devices, mobile applications, desktop software, and their related cloud infrastructure and services.
Your Contribution: Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. These are the behaviours you’ll need for success at Logitech.
In this role you will have the following responsibilities:
Strategic Leadership & Governance
- Architect and execute a comprehensive product security strategy and roadmap aligned with business growth, reporting on risk posture and program performance to executive leadership.
- Position product security resilience as a competitive differentiator: support brand trust, enable new service-based revenue models, and reduce P&L exposure from legal and product liability risk.
- Develop and implement product security policies, standards, and guidelines.
- Direct global regulatory compliance strategies for mandatory standards such as the EU CRA and UK PSTI, overseeing gap analysis and remediation across cross-functional teams.
- Lead and mentor a high-performing security team while fostering a proactive, collaborative security culture across the global organization.
Secure Product Lifecycle & Engineering
- Champion “Security by Design” by integrating secure development lifecycle practices into all IoT, mobile, desktop, and cloud infrastructure products and development teams.
- Establish and enforce “Safe AI by Design” principles so that AI models, training data, and deployed agents are protected against manipulation, adversarial attacks, prompt injection, and intellectual property theft.
- Ensure that mandatory disclosure and reporting obligations, such as the vulnerability disclosure process and the defined security update support period for each product, are publicly and accurately communicated.
- Enforce robust supply chain and manufacturing security standards for Operations teams and third-party partners (JDM/ODM) and suppliers to protect firmware, source code, and production integrity.
- Provide expert security advice, guidance and support to engineering and product teams.
- Ensure secure product decommissioning and end-of-life handling so that security integrity is maintained throughout the entire product lifecycle.
Operational Defense & Assurance
- Oversee comprehensive penetration testing and vulnerability management programs, driving the remediation lifecycle in collaboration with asset owners.
- Establish proactive AI-enabled threat hunting capabilities to identify and mitigate existing and emerging attack vectors targeting company products.
- Direct expert support and provide leadership for product-related security incidents, ensuring rapid response.
Key internal collaborations: This role requires close collaboration with:
- Product Development & Engineering Teams.
- Operational Technology and Manufacturing Teams.
- Cloud Operations Teams.
- Data & Analytics Teams.
- Legal & Compliance Teams.
- Other Cybersecurity Functions.
Key Qualifications:
Experience and Technical Mastery
- Minimum 12 years of experience in Product, Application, and Embedded Systems Security, with a proven history of both hands-on and leadership roles across multiplatform environments (IoT, mobile, cloud).
- Deep mastery of Secure Software Development Lifecycle (SDLC) and DevSecOps principles, including scaling global programs, formal threat modeling, and security architecture review processes.
- Advanced expertise in product security tooling: Proficient with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), binary analysis, and fuzzing to identify and manage vulnerabilities.
- Embedded and Hardware Security: Proven experience securing firmware, embedded systems, and Hardware Security Modules (HSMs), with a focus on secure provisioning and over-the-air (OTA) update mechanisms for IoT devices.
- AI/ML Security: Deep technical understanding of adversarial AI, including mitigating risks such as data poisoning, model inversion, and prompt injection attacks.
- Cryptography and PQC: Expertise in cryptographic design, PKI, and key management frameworks, including implementing cryptographic agility and planning strategic migration to post-quantum cryptography (PQC) standards.
Strategic Governance and Compliance
- Knowledge of global product security regulations, including the EU Cyber Resilience Act (CRA), UK PSTI Act, and international vulnerability disclosure requirements.
- Proven experience in third-party and supply chain security governance, specifically enforcing security standards for contract manufacturers (JDM/ODM) and component suppliers.
Leadership and Business Acumen
- Exceptional communication skills with the ability to clearly articulate complex technical risks and strategic roadmaps to executive leadership and cross-functional teams.
- Proven ability to translate complex business and technical requirements into comprehensible security models, templates, and risk acceptance frameworks.
- Demonstrated experience in developing, guiding, and mentoring high-performing cybersecurity and engineering teams.
- Strong financial management skills for multi-year security programs, including budgeting, forecasting, and cost control.