Security Product Lead – Threat Intelligence & Insider Risk
SoFi · San Francisco, CA
- On site
- Full-time
- $150,000 / year
- San Francisco, CA
Job highlights
- Lead security product strategy and roadmap.
- Manage threat intelligence and insider risk capabilities.
- Drive cross-functional collaboration for security initiatives.
- Ensure measurable outcomes and risk reduction.
- Align security products with enterprise risk.
About the role
About SoFi
Shape a brighter financial future with us. Together with our members, we’re changing the way people think about and interact with personal finance. We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
Role Overview
The Security Product Lead – Threat Intelligence & Insider Risk is responsible for defining the strategic direction, roadmap, and measurable outcomes of the organization’s Threat Intelligence and Insider Risk capabilities. This role sits within the Security Strategy & Delivery team and partners closely with the Threat Intelligence & Insider Risk functional leader and operational teams.
This position ensures that Threat Intelligence & Insider Risk capabilities are treated as internal security products—aligned to enterprise risk priorities, supported by a clear roadmap, measured through defined KPIs, and delivered through structured program governance. The role requires strong cross-functional collaboration, strategic thinking, and the ability to influence without direct authority. By proactively identifying, assessing, and mitigating advanced threats and insider risks, this role directly supports the organization's overarching goal of protecting member trust, safeguarding corporate assets, and ensuring the continued stability and growth of the business.
Key Responsibilities
Strategy & Roadmap Stewardship
- Develop and maintain a multi-year strategy and roadmap for Threat Intelligence and Insider Risk capabilities.
- Align roadmap priorities with enterprise risk objectives, regulatory requirements, and evolving threat landscape.
- Identify capability gaps and define strategic investment opportunities.
- Translate strategic objectives into structured, sequenced initiatives.
Product & Capability Management
- Define the value proposition and service model for Threat Intelligence & Insider Risk capabilities.
- Establish clear capability maturity targets and continuous improvement plans.
- Maintain and prioritize a strategic backlog aligned to measurable risk reduction outcomes.
- Ensure capabilities are treated as ongoing products with lifecycle ownership, not one-time projects.
- Define and track key performance indicators (KPIs) to measure effectiveness, including intelligence relevance, dissemination timeliness, detection coverage, and insider risk metrics.
- Provide executive-level reporting on capability performance, maturity progress, and risk impact.
- Ensure transparency into roadmap progress and value realization.
Portfolio & Program Management
- Own the portfolio view of Threat Intelligence & Insider Risk initiatives within the broader security strategy.
- Structure and manage strategic programs required to deliver roadmap objectives.
- Define milestones, delivery plans, and success metrics for major initiatives.
- Track progress against portfolio commitments and escalate risks proactively.
- Manage cross-functional dependencies across Security, Engineering, HR, Legal, and other stakeholders.
- Support quarterly and annual planning cycles, including investment prioritization and capacity alignment.
- Ensure predictable execution through structured governance and reporting cadence.
Cross-Functional Collaboration
- Partner closely with the Threat Intelligence & Insider Risk functional leader and team to align on priorities and execution sequencing.
- Collaborate with SOC, Incident Response, HR, Legal, Engineering, and Risk stakeholders.
- Facilitate stakeholder alignment, trade-off decisions, and expectation management.
- Influence without direct authority to drive delivery outcomes and manage cross functional projects to ensure the delivery.
Continuous Improvement & Innovation
- Monitor industry trends, adversary tactics, and insider risk developments.
- Identify opportunities for automation, analytics enhancement, and process optimization.
- Incorporate lessons learned from incidents and audits into roadmap evolution.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or related discipline.
- 7+ years of experience in cybersecurity, risk management, or technology strategy roles.
- Experience in Threat Intelligence, Insider Risk, SOC, or related security domains.
- Demonstrated experience building and managing strategic roadmaps tied to measurable outcomes.
- Strong understanding of adversary tactics (e.g., MITRE ATT&CK), intelligence lifecycle, and insider risk considerations.
- Strong product mindset with ability to translate strategy into execution.
- Experience working in matrixed organizations with cross-functional stakeholders.
- Strong analytical, communication, and executive presentation skills.
Compensation And Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
Key skills/competency
- Product Management
- Threat Intelligence
- Insider Risk
- Cybersecurity Strategy
- Roadmap Development
- KPI Definition
- Risk Management
- Cross-functional Collaboration
- Security Operations
- Program Management
Skills & topics
- Product Management
- Threat Intelligence
- Insider Risk
- Cybersecurity
- Roadmap
- Risk Management
- SoFi
- Security Strategy
- KPI
- Cross-functional Collaboration
How to get hired
- Tailor your resume: Highlight experience in product management, threat intelligence, and insider risk, quantifying achievements with metrics.
- Showcase strategic thinking: Emphasize your ability to develop roadmaps and translate strategy into actionable initiatives, referencing frameworks like MITRE ATT&CK.
- Demonstrate collaboration skills: Provide examples of influencing stakeholders without direct authority across Security, Engineering, HR, and Legal.
- Prepare for product-focused interviews: Be ready to discuss your product mindset and how you've managed security capabilities as products with clear KPIs.
- Understand SoFi's mission: Research SoFi's commitment to member trust and financial well-being to align your answers with their values.
Technical preparation
Behavioral questions
Frequently asked questions
- What is the primary focus of the Security Product Lead role at SoFi?
- The Security Product Lead at SoFi is primarily responsible for defining and executing the strategic direction, roadmap, and measurable outcomes for the organization's Threat Intelligence and Insider Risk capabilities, treating them as internal security products.
- What kind of experience is required for the Security Product Lead position at SoFi?
- A Bachelor's degree in a related field and 7+ years of cybersecurity experience are required, with a strong emphasis on Threat Intelligence, Insider Risk, SOC, or technology strategy, including experience in roadmap development and managing security as a product.
- How does this role at SoFi contribute to the company's goals?
- This role directly supports SoFi's goal of protecting member trust, safeguarding corporate assets, and ensuring business stability by proactively identifying, assessing, and mitigating advanced threats and insider risks.
- What does 'treating capabilities as internal security products' mean for this role at SoFi?
- It means that Threat Intelligence and Insider Risk functions will have a defined value proposition, a clear roadmap, measurable KPIs, structured program governance, and lifecycle ownership, similar to how external software products are managed.
- What is the expected work arrangement for the Security Product Lead at SoFi?
- While the job description does not explicitly state the work arrangement, hybrid or on-site is likely given the emphasis on cross-functional collaboration with various internal teams. Remote work might be possible depending on location and specific team arrangements.
- How does SoFi handle compensation for the Security Product Lead role?
- SoFi states that the base pay range is provided, and the final offer will be determined by individual factors like experience, skills, and location. They also offer a comprehensive benefits package.
- What are some key technical or strategic frameworks relevant to this Security Product Lead role at SoFi?
- A strong understanding of adversary tactics like MITRE ATT&CK, the intelligence lifecycle, and insider risk considerations is essential. A product mindset is also crucial for translating strategy into execution.