# Head of Product Security

**Company**: Logitech
**Location**: Lausanne
**Work arrangement**: hybrid
**Experience**: senior
**Job type**: full-time
**Category**: Engineering
**Industry**: Technology
**Wikidata**: https://www.wikidata.org/wiki/Q223127

**Apply**: https://logitech.wd5.myworkdayjobs.com/en-US/Logitech/job/Lausanne-Switzerland/Head-of-Product-Security_146199?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply
**Canonical**: https://yubhub.co/jobs/job_7140a228-08e

## Description

Logitech is the Sweet Spot for people who want their actions to have a positive global impact while having the flexibility to do it in their own way.

**The Team and Role:** The Head of Product Security is responsible for establishing, maintaining, and overseeing the comprehensive security strategy for all Logitech products and associated customer-facing services, including Internet of Things (IoT) devices, mobile applications, desktop software, and their related cloud infrastructure and services.

**Your Contribution:** Be Yourself. Be Open. Stay Hungry and Humble. Collaborate. Challenge. Decide and just Do. These are the behaviours you’ll need for success at Logitech.

In this role you will have the following responsibilities:

### Strategic Leadership & Governance

- Architect and execute a comprehensive product security strategy and roadmap aligned with business growth, reporting on risk posture and program performance to executive leadership.

- Integrate Product Security resilience as a competitive differentiator, actively supporting brand trust, enabling new service-based revenue models, and mitigating P&L exposure from legal and product liability risks.

- Develop and implement product security policies, standards, and guidelines.

- Direct global regulatory compliance strategies for mandatory standards such as the EU CRA and UK PSTI, overseeing gap analysis and remediation across cross-functional teams.

- Lead and mentor a high-performing security team while fostering a proactive, collaborative security culture across the global organization.

### Secure Product Lifecycle & Engineering

- Champion “Security by Design” by integrating secure development lifecycle practices into all IoT, mobile, desktop, and cloud infrastructure products and development teams.

- Establish and enforce “Safe AI by Design” principles to ensure that AI models, training data, and deployed agents are protected against manipulation, adversarial attacks, prompt injection, and property theft.

- Ensure mandatory disclosure and reporting requirements, such as vulnerability disclosure processes and security update periods, are publicly and accurately communicated.

- Enforce robust supply chain and manufacturing security standards for Operations teams and third-party partners (JDM/ODM) and suppliers to protect firmware, source code, and production integrity.

- Provide expert security advice, guidance and support to engineering and product teams.

- Ensure product decommissioning maintains security integrity throughout the entire product lifecycle.

### Operational Defense & Assurance

- Oversee comprehensive penetration testing and vulnerability management programs, driving the remediation lifecycle in collaboration with asset owners.

- Establish proactive AI-enabled threat hunting capabilities to identify and mitigate existing and emerging attack vectors targeting company products.

- Direct expert support and provide leadership for product-related security incidents, ensuring rapid response.

**Key internal collaborations:** This role requires close collaboration with:

- Product Development & Engineering Teams.

- Operational Technology and Manufacturing Teams.

- Cloud Operations Teams.

- Data & Analytics Teams.

- Legal & Compliance Teams.

- Other Cybersecurity Functions.

**Key Qualifications:**

### Experience and Technical Mastery

- Minimum 12 years of experience in Product, Application, and Embedded Systems Security, with a proven history of both hands-on and leadership roles across multiplatform environments (IoT, mobile, cloud).

- Deep mastery of Secure Software Development Lifecycle (SDLC) and DevSecOps principles, including scaling global programs, formal threat modeling, and security architecture review processes.

- Advanced expertise in product security tooling: proficient with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), binary analysis, and fuzzing to identify and manage vulnerabilities.

- Embedded and Hardware Security: Proven experience securing firmware, embedded systems, and Hardware Security Modules (HSMs), with a focus on secure provisioning and over-the-air (OTA) update mechanisms for IoT devices.

- AI/ML Security: Deep technical understanding of adversarial AI, including mitigating risks such as data poisoning, model inversion, and prompt injection attacks.

- Cryptography and PQC: Expertise in cryptographic design, PKI, and key management frameworks, including implementing cryptographic agility and planning strategic migration to post-quantum cryptography (PQC) standards.

### Strategic Governance and Compliance

- Knowledge of global product security regulations, including the EU Cyber Resilience Act (CRA), UK PSTI Act, and international vulnerability disclosure requirements.

- Proven experience in third-party and supply chain security governance, specifically enforcing security standards for contract manufacturers (JDM/ODM) and component suppliers.

### Leadership and Business Acumen

- Exceptional communication skills with the ability to clearly articulate complex technical risks and strategic roadmaps to executive leadership and cross-functional teams.

- Proven ability to conceptualize complex business and technical requirements into comprehensible security models, templates, and risk acceptance frameworks.

- Demonstrated experience in developing, guiding, and mentoring high-performing cybersecurity and engineering teams.

- Strong financial management skills for multi-year security programs, including budgeting, forecasting, and cost control.

## Skills

### Required
- Product Security
- Software Development Lifecycle
- DevSecOps
- Static Application Security Testing
- Dynamic Application Security Testing
- Software Composition Analysis
- Binary Analysis
- Fuzzing
- Embedded Systems Security
- Hardware Security
- AI/ML Security
- Cryptography
- Post-Quantum Cryptography
- Global Product Security Regulations
- Third-Party and Supply Chain Security Governance

