AI Product Security Manager

About the role

In this opportunity as AI Product Security Manager, you will: Lead and grow the Product Security team , managing, coaching, and developing a team of senior Product Security Engineers covering the full Secure SDLC across Thomson Reuters' product portfolio. Own and execute the Product Security program , including threat modeling, secure design, secure code reviews, security testing, software supply chain security, and vulnerability remediation across multiple products and cloud platforms. Lead Secure AI for products , defining how Thomson Reuters secures AI-powered customer features through Secure AI design reviews, AI red teaming, runtime protections, and actionable security patterns. Build and operate security automation and AI-enabled capabilities , including automated threat modeling, AI remediation agents, LLM security testing, and MCP-based capabilities for engineering teams. Scale security as a developer experience by delivering self-service security tooling, APIs, CI/CD-native controls, clear standards, implementation guidance, and security champion programs. Operate a security data and analytics layer that supports risk-based prioritization and measurable security outcomes across the enterprise. Partner across security, engineering, and the business to align priorities, support compliance requirements, and translate technical risk into business impact for senior leaders. About You You're a fit for the role of AI Product Security Manager if your background includes: 8+ years of experience in product security, application security, or software security engineering, including experience leading or managing senior security engineers. Demonstrated ownership of a Secure SDLC program across a multi-product engineering organization, including threat modeling, secure design, security testing, vulnerability management, and software supply chain security. Hands-on experience with at least one major cloud platform, such as AWS, Azure, or Google Cloud, including identity, networking, secrets management, data protection, and logging. Strong software engineering instincts, with the ability to read and write code in Python, Go, or similar languages and engage credibly with senior engineers on design and implementation. Working knowledge of GenAI and LLM security, including prompt injection, model and data integrity, agent and tool-use security, and AI supply chain considerations. Experience scaling security through developer-friendly tools, APIs, automation, self-service platforms, and CI/CD-native controls. Excellent written and verbal communication skills, with the ability to influence senior engineering leaders and translate technical risk into business decisions.

Requirements

• Hands-on familiarity with Google Cloud security.
• Experience securing AI/ML platforms, such as Claude Agent SDK, Vertex AI, SageMaker, Bedrock, Azure AI, or self-hosted environments.
• Experience building or operating AI security capabilities, including AI red teaming, automated threat modeling, LLM security testing, or AI agents for security automation.
• Knowledge of software supply chain security, including SBOM, SLSA, provenance, attestation, and workload identity.
• Familiarity with industry frameworks such as OWASP ASVS/SAMM, NIST CSF and SSDF, OWASP LLM Top 10, and MITRE ATLAS.
• Experience with security at scale across containers, Kubernetes, Infrastructure as Code such as Terraform or CDK, and modern CI/CD environments.
• Relevant security certifications such as OSCP, OSWE, CKA/CKS, GCP Professional Cloud Security Engineer, or AWS Security Specialty.
• Industry contributions such as open-source projects, conference talks, working group participation, including CoSAI or OWASP, or research publicati

Additional Information

Are you excited by the opportunity to secure products used by millions of professionals around the world? Join Thomson Reuters as a Manager, Product Security , where you will lead a senior team building the platforms, programs, and tooling that secure our products end-to-end. The Product Security Manager leads our Product Security Core team, a group of senior engineers responsible for scaling security across Thomson Reuters' product portfolio. In this role, you will own the Secure Software Development Lifecycle for products, including threat modeling, security testing, software supply chain integrity, vulnerability identification and remediation, and secure design patterns. You will also lead our Secure AI program for AI-powered features shipped to customers, including how we review, red-team, and protect AI capabilities in production. You will partner closely with product engineering, platform engineering, Security Architecture, GRC, IAM, Detection & Response, and business leaders to make security a seamless developer experience. This includes building self-service tools, automation, APIs, and AI-powered security capabilities that help thousands of engineers ship securely. Location: Toronto, hybrid

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Thomson Reuters? Share your experience