Director of Product Security Governance & Compliance

is on the forefront of technology innovation, delivering breakthroughs and trusted insights in electronic design, simulation, prototyping, test, manufacturing, and optimization. Our ~15,000 employees create world-class solutions in communications, 5G, automotive, energy, quantum, aerospace, defense, and semiconductor markets for customers in over 100 countries. Learn more

We are seeking a Director of Product Security Governance & Compliance to lead the strategy, execution, and continuous improvement of our global product security governance framework across a portfolio of cloud software, enterprise platforms, and embedded/hardware products.

This role is accountable for defining policy, interpreting regulatory requirements (with emphasis on the EU Cyber Resilience Act and adjacent global regulations), and operationalizing scalable compliance across diverse product architectures and lifecycles. You will lead a team of managers and partner across engineering, firmware, hardware, legal, and go-to-market organizations to ensure consistent, auditable, and business-aligned outcomes.

Governance & Policy

• Define and maintain a unified product security policy framework spanning cloud software, on-prem platforms, firmware, and hardware devices
• Establish control objectives and standards aligned to secure SDLC, secure firmware development, hardware root of trust, SBOM, vulnerability management, and product lifecycle security
• Ensure policies are embedded into engineering systems (CI/CD, PLM, release gates) and are measurable and enforceable

Regulatory Leadership (EU CRA & Global)

• Act as the internal authority on EU Cyber Resilience Act (CRA), including applicability to software, firmware, and connected devices
• Interpret and decompose regulatory requirements into actionable engineering, manufacturing, and support controls
• Lead enterprise-wide CRA readiness, including gap assessments, remediation programs, and technical documentation requirements (e.g., conformity assessments, CE marking support)
• Monitor evolving global regulations (e.g., NIS2, RED Delegated Act, U.S. EO 14028 implications) and adapt governance strategy accordingly

Compliance Programs & Operations

• Build and scale a global product compliance program covering both software delivery pipelines and hardware manufacturing lifecycles
• Define KPIs/KRIs and maturity models; implement dashboards for executive visibility
• Oversee internal/external audits, regulatory inquiries, and evidence management across engineering and manufacturing systems
• Ensure traceability from policy → control → implementation → evidence (including SBOM, VEX, and vulnerability disclosure processes)

Leadership & Organization Development

• Lead a team of managers across governance, risk, and compliance domains
• Establish operating models that scale across business units and geographies
• Drive talent development, succession planning, and organizational maturity

Cross-Functional Partnership

• Engineering (software, firmware, hardware): integrate controls into SDLC, toolchains, and design processes
• Product Management: align security requirements with product roadmaps and customer commitments
• Legal & Compliance: align regulatory interpretation, risk posture, and disclosures
• Sales & Customer Success: support customer assurance, RFPs, and contractual obligations
• Support & PSIRT: align vulnerability intake, disclosure, and remediation SLAs
• Manufacturing & Supply Chain: ensure component-level security, supplier requirements, and product integrity

Program Management & Execution

• Lead complex, multi-year regulatory and compliance programs with global scope
• Drive prioritization, risk management, and dependency resolution across a matrixed organization
• Deliver clear executive reporting on posture, risks, and remediation progress

Required Qualifications

• 10+ years in product security, cybersecurity governance, or compliance within software and/or hardware technology companies
• 5+ years of leadership experience, including managing managers
• Demonstrated experience building governance frameworks across both software and embedded/hardware product environments
• Strong working knowledge of EU Cyber Resilience Act (CRA) and related frameworks (e.g., NIS2, ISO/IEC 27001, IEC 62443, ETSI EN 303 645)
• Experience translating regulatory and standards requirements into engineering controls and operational processes
• Proven track record partnering with engineering, firmware, hardware, legal, and go-to-market teams
• Strong executive communication skills with experience presenting to senior leadership
• Deep program management experience leading large-scale, cross-functional initiatives

Preferred Qualifications

• Experience in a Fortune 500 or similarly complex multinational organization
• Background in connected devices, IoT, or industrial systems
• Familiarity with SBOM generation/management, vulnerability management platforms, and secure build pipelines
• Experience supporting regulatory audits and product certifications (e.g., CE marking, FIPS, Common Criteria)
• Relevant certifications (e.g., CISSP, CISM, CRISC)

Leadership Profile

• Strategic and systems-oriented thinker with strong execution discipline
• Comfortable operating in ambiguity and driving structure at scale
• Influential leader capable of aligning global stakeholders without direct authority
• Data-driven with strong risk prioritization and decision-making skills
• Clear communicator who translates technical and regulatory requirements into business impact

Keysight is an Equal Opportunity Employer.

The level of role will be based on applicable experience, education and skills; Most offers will be between the minimum and the midpoint of the Salary Range listed below.

CO and AZ Pay Range MIN $178,110.00 MIDPOINT $237,480.00 MAX $296,850.00

Note: For other locations, pay ranges will vary by region

US Employees may be eligible for the following benefits:

• Medical, dental and vision
• Health Savings Account
• Health Care and Dependent Care Flexible Spending Accounts
• Life, Accident, Disability insurance
• Business Travel Accident and Business Travel Health
• 401(k) Plan
• Flexible Time Off, Paid Holidays
• Paid Family Leave
• Discounts, Perks
• Tuition Reimbursement
• Adoption Assistance
• ESPP (Employee Stock Purchase Plan)