Security Product Lead – Enterprise & Identity Security
Social Finance, Inc. (SoFi), Seattle, WA, United States
Security Product Lead – Enterprise & Identity Security
Information Security
Shape a brighter financial future with us.
Together with our members, we’re changing the way people think about and interact with personal finance.
We’re a next‑generation financial services company and national bank using innovative, mobile‑first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way.
Join us to invest in yourself, your career, and the financial world.
Role Overview The Security Product Lead – Enterprise & Identity Security is responsible for defining the strategic direction, roadmap, and measurable outcomes for securing the organization's enterprise infrastructure, critical internal systems, and user identities. This role sits within the Security Strategy & Delivery team and partners closely with the Identity & Access Management (IAM), Infrastructure Security, and Engineering functional leaders and operational teams.
This position ensures that Enterprise Security and Identity Security capabilities are treated as internal security products—aligned to enterprise risk priorities, supported by a clear roadmap, measured through defined KPIs, and delivered through structured program governance.
The role requires strong cross‑functional collaboration, strategic thinking, and the ability to influence without direct authority. By ensuring robust identity governance and securing enterprise infrastructure, this role directly supports the organization's overarching goal of protecting member trust, safeguarding corporate assets, and ensuring the continued stability and growth of the business.
Key Responsibilities
Develop and maintain a multi‑year strategy and roadmap for Enterprise Security, Identity Security (IAM, PAM, Authentication), and AI Security capabilities.
Align roadmap priorities with enterprise risk objectives, regulatory requirements (e.g., access controls, data governance, AI governance), and evolving threat landscape.
Identify capability gaps (e.g., zero‑trust adoption, privileged access maturity, AI model integrity) and define strategic investment opportunities.
Translate strategic objectives into structured, sequenced initiatives.
Product & Capability Management
Define the value proposition and service model for Enterprise Security capabilities (e.g., infrastructure hardening, cloud security posture).
Add aspects of data security under enterprise security: establish product requirements and roadmaps for Data Security capabilities, including data loss prevention (DLP), data classification, data encryption, and ensuring compliance with data privacy regulations.
Define the value proposition and service model for Identity Management capabilities (e.g., self‑service access, least privilege principle, lifecycle management).
Establish clear capability maturity targets (e.g., IAM coverage, access certification completeness) and continuous improvement plans.
Maintain and prioritize a strategic backlog across all areas aligned to measurable risk reduction outcomes (e.g., reduction in over‑privileged accounts, faster access revocation, secure‑by‑design adoption in AI).
Ensure capabilities are treated as ongoing products with lifecycle ownership, not one‑time projects.
Define and track outcome‑based metrics (risk reduction, adoption, efficiency) for core security platforms and identity controls.
Own the portfolio view of Enterprise, Identity, and AI Security initiatives within the broader security strategy.
Structure and manage strategic programs required to deliver roadmap objectives (e.g., rollout of new PAM solution, AI Model SecOps integration).
Define milestones, delivery plans, and success metrics for major initiatives.
Track progress against portfolio commitments and elevate risks proactively.
Manage cross‑functional dependencies across Engineering, IT, HR, Legal, and other stakeholders.
Ensure predictable execution through structured governance and reporting cadence.
Cross‑Functional Collaboration
Partner closely with the Identity & Access Management, Infrastructure Security, and AI/ML functional leaders to align on priorities and execution sequencing.
Collaborate with Product Management, Engineering, Data Science, Legal, Risk, and Compliance stakeholders.
Facilitate stakeholder alignment, trade‑off decisions, and expectation management.
Influence without direct authority to drive security principles across enterprise systems.
Monitor industry trends in enterprise architecture security, identity threats (e.g., phishing, credential stuffing), and AI‑specific threats (e.g., model poisoning, prompt injection).
Identify opportunities for automation, analytics enhancement, and process optimization within identity lifecycles and infrastructure monitoring.
Incorporate lessons learned from security audits and penetration tests into roadmap evolution.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, or related discipline.
7+ years of experience in cybersecurity, risk management, or technology strategy roles.
Demonstrated experience in Identity & Access Management (IAM), Privileged Access Management (PAM), Enterprise Security, Data Security, or AI/ML Security domains.
Demonstrated experience building and managing strategic roadmaps tied to measurable outcomes.
Strong understanding of security frameworks, identity protocols (e.g., OAuth, SAML, SCIM), and enterprise risk.
Understanding of AI/ML concepts and associated security risks, including data provenance, model integrity, and adversarial machine learning.
Strong product mindset with ability to translate strategy into execution.
Experience working in matrixed organizations with cross‑functional stakeholders.
Strong analytical, communication, and executive presentation skills.
Compensation and Benefits Pay range: $144,000.00 – $247,500.00 (annual). This role is eligible for bonus, long‑term incentives, and competitive benefits. For full benefits information, please visit our
Benefits at SoFi
page.
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth, and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time. Internal Employees
If you are a current employee, do not apply here – please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
Apply for this position Security Product Lead – Enterprise & Identity Security
Information Security
#J-18808-Ljbffr
Shape a brighter financial future with us.
Together with our members, we’re changing the way people think about and interact with personal finance.
We’re a next‑generation financial services company and national bank using innovative, mobile‑first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way.
Join us to invest in yourself, your career, and the financial world.
Role Overview The Security Product Lead – Enterprise & Identity Security is responsible for defining the strategic direction, roadmap, and measurable outcomes for securing the organization's enterprise infrastructure, critical internal systems, and user identities. This role sits within the Security Strategy & Delivery team and partners closely with the Identity & Access Management (IAM), Infrastructure Security, and Engineering functional leaders and operational teams.
This position ensures that Enterprise Security and Identity Security capabilities are treated as internal security products—aligned to enterprise risk priorities, supported by a clear roadmap, measured through defined KPIs, and delivered through structured program governance.
The role requires strong cross‑functional collaboration, strategic thinking, and the ability to influence without direct authority. By ensuring robust identity governance and securing enterprise infrastructure, this role directly supports the organization's overarching goal of protecting member trust, safeguarding corporate assets, and ensuring the continued stability and growth of the business.
Key Responsibilities
Develop and maintain a multi‑year strategy and roadmap for Enterprise Security, Identity Security (IAM, PAM, Authentication), and AI Security capabilities.
Align roadmap priorities with enterprise risk objectives, regulatory requirements (e.g., access controls, data governance, AI governance), and evolving threat landscape.
Identify capability gaps (e.g., zero‑trust adoption, privileged access maturity, AI model integrity) and define strategic investment opportunities.
Translate strategic objectives into structured, sequenced initiatives.
Product & Capability Management
Define the value proposition and service model for Enterprise Security capabilities (e.g., infrastructure hardening, cloud security posture).
Add aspects of data security under enterprise security: establish product requirements and roadmaps for Data Security capabilities, including data loss prevention (DLP), data classification, data encryption, and ensuring compliance with data privacy regulations.
Define the value proposition and service model for Identity Management capabilities (e.g., self‑service access, least privilege principle, lifecycle management).
Establish clear capability maturity targets (e.g., IAM coverage, access certification completeness) and continuous improvement plans.
Maintain and prioritize a strategic backlog across all areas aligned to measurable risk reduction outcomes (e.g., reduction in over‑privileged accounts, faster access revocation, secure‑by‑design adoption in AI).
Ensure capabilities are treated as ongoing products with lifecycle ownership, not one‑time projects.
Define and track outcome‑based metrics (risk reduction, adoption, efficiency) for core security platforms and identity controls.
Own the portfolio view of Enterprise, Identity, and AI Security initiatives within the broader security strategy.
Structure and manage strategic programs required to deliver roadmap objectives (e.g., rollout of new PAM solution, AI Model SecOps integration).
Define milestones, delivery plans, and success metrics for major initiatives.
Track progress against portfolio commitments and elevate risks proactively.
Manage cross‑functional dependencies across Engineering, IT, HR, Legal, and other stakeholders.
Ensure predictable execution through structured governance and reporting cadence.
Cross‑Functional Collaboration
Partner closely with the Identity & Access Management, Infrastructure Security, and AI/ML functional leaders to align on priorities and execution sequencing.
Collaborate with Product Management, Engineering, Data Science, Legal, Risk, and Compliance stakeholders.
Facilitate stakeholder alignment, trade‑off decisions, and expectation management.
Influence without direct authority to drive security principles across enterprise systems.
Monitor industry trends in enterprise architecture security, identity threats (e.g., phishing, credential stuffing), and AI‑specific threats (e.g., model poisoning, prompt injection).
Identify opportunities for automation, analytics enhancement, and process optimization within identity lifecycles and infrastructure monitoring.
Incorporate lessons learned from security audits and penetration tests into roadmap evolution.
Qualifications
Bachelor’s degree in Computer Science, Cybersecurity, or related discipline.
7+ years of experience in cybersecurity, risk management, or technology strategy roles.
Demonstrated experience in Identity & Access Management (IAM), Privileged Access Management (PAM), Enterprise Security, Data Security, or AI/ML Security domains.
Demonstrated experience building and managing strategic roadmaps tied to measurable outcomes.
Strong understanding of security frameworks, identity protocols (e.g., OAuth, SAML, SCIM), and enterprise risk.
Understanding of AI/ML concepts and associated security risks, including data provenance, model integrity, and adversarial machine learning.
Strong product mindset with ability to translate strategy into execution.
Experience working in matrixed organizations with cross‑functional stakeholders.
Strong analytical, communication, and executive presentation skills.
Compensation and Benefits Pay range: $144,000.00 – $247,500.00 (annual). This role is eligible for bonus, long‑term incentives, and competitive benefits. For full benefits information, please visit our
Benefits at SoFi
page.
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth, and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time. Internal Employees
If you are a current employee, do not apply here – please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
Apply for this position Security Product Lead – Enterprise & Identity Security
Information Security
#J-18808-Ljbffr