I am...

Position Summary

HackerOne is seeking a hands-on, mission-driven Product Manager to lead the development of our data products capabilities. With the leading platform of customer security programs and vulnerabilities discovered in both breadth and depth, HackerOne is uniquely advantaged to provide unparalleled security insights to its customers. This is an opportunity to develop data products for customers that provide an unmatched level of intelligence by deriving insight from the vast amount of security data.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in Seattle, WA, San Francisco Bay Area, Austin, TX, or Washington, DC, and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

​

Company Overview

HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

• Lead HackerOne data products development with a strategic perspective across all cross-functional facets of the business necessary to bring unique security insights to customers based on HackerOne’s vast vulnerability datasets.
• Lead cross-functional collaboration with customers and post-sales operations to determine and deliver on data products strategy, vision, and roadmap.
• Refine and mature existing data products, such as Analytics and Reporting, Benchmarks, and Recommendations.
• Execute the product lifecycle from ideation to GTM and bring net new data capabilities into the hands of customers.
• Develop and apply expertise in security analytics and vulnerability management to create product experiences that customers and hackers love in collaboration with engineers, designers, and CSMs.
• Evangelize the value of HackerOne’s data-powered security insights internally and externally as a subject matter expert via customer and prospect calls, product demos, webinars, and roadmap briefings.
• Stay at the forefront of industry trends, emerging technologies like AI and ML, and competitive developments to identify opportunities for disruptive innovation and position HackerOne as a market leader.

Minimum Qualifications

• 7+ years experience in Product Management in high-growth tech/SaaS companies.
• Proven track record of successfully developing products in high-growth businesses involving in-depth cross-functional collaboration and leadership across R&D and go-to-market.
• Outstanding communication and leadership skills with a collaborative and team-oriented approach to identifying problems, determining potential solutions, and building consensus around your vision with internal and external stakeholders.

​

Preferred Qualifications

• Bachelor's degree in Computer Science, Engineering, or related field.
• Demonstrated data-driven, highly analytical problem solving while delivering thoughtful solutions that delight users.
• Experience bringing products to market that leverage ML and AI technologies.
• Deep understanding of cybersecurity technologies and market trends.

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*
• Equity stock options
• Retirement plans
• Paid public holidays and unlimited PTO
• Paid maternity and parental leave
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
• Employee Assistance Program
• Flexible Work Stipend

​

*Eligibility may differ by country

​

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

​

Employment at HackerOne is contingent on a background check.

​

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

​

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

​

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

​

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.

The Position:

VTA is seeking a Deputy Director, Physical & Cyber Security to lead critical security operations within the System Safety and Security Administration Department. If you are a seasoned law enforcement professional with command-level experience, this is your opportunity to lead security efforts—both physical and cybersecurity—for one of the Bay Area’s essential transit systems. This is a hands-on, on-site leadership position—not a remote role— where you’ll collaborate with top security professionals and law enforcement agencies. To support your move, we offer a relocation package to ensure a smooth and rewarding transition.

​

This role offers a dynamic blend of responsibilities, with 60% focused on law enforcement and physical security and 40% dedicated to cybersecurity each week. As a leader overseeing both domains, you will oversee physical and cyber security programs while ensuring compliance with federal and state regulations and collaborating with agencies such as CISA, TSA, DHS, and FEMA. You’ll be at the forefront of security planning for major global events like Super Bowl 60, NCAA March Madness, and the FIFA World Cup 2026, leading efforts in threat assessment, crisis response, and risk management to safeguard passengers, employees, and infrastructure.

​

As a pivotal member of our executive team, you’ll develop and implement robust security strategies that align with the agency’s mission and regulatory requirements. If you have a passion for public service, a proven track record in security management, and the leadership skills to drive proactive security initiatives, we invite you to apply for this challenging and rewarding role. Join us and make a lasting impact on public safety and transit security!

​

About VTA:

The Santa Clara Valley Transportation Authority employs more than 2,000 people dedicated to providing solutions that move Silicon Valley. Unique among transportation organizations in the San Francisco Bay Area, VTA is Santa Clara County’s authority for transit development and operations (light rail and bus), congestion management, transportation-related funding, highway design and construction, real estate and transit-oriented development, and bicycle and pedestrian planning. With local, state, and federal partners, VTA works to innovate the way Silicon Valley moves and provide mobility solutions for all.

​

Santa Clara Valley Transportation Authority (VTA) is an independent special district that provides sustainable, accessible, community-focused, innovative, and environmentally responsible transportation options promoting the region's vitality. VTA provides bus, light rail, and paratransit services and participates as a funding partner in regional rail services, including Caltrain, Capital Corridor, and the Altamont Corridor Express.

​

To learn more, go to: https://www.vta.org/

• Collaborate with senior agency officials to develop and enforce security policies, protocols, and procedures.
• Provide strategic direction and leadership to the security team, ensuring that security initiatives align with agency goals and compliance standards.
• Develop and implement risk management strategies to identify, assess, and mitigate security threats and vulnerabilities.
• Oversee the planning, design, and implementation of physical security measures, including access control systems, surveillance, and emergency response protocols.
• Ensure the security and safety of agency facilities, employees, and the public by maintaining and enhancing physical security infrastructure.
• Experience in managing sworn police staff at a management level is desired
• Experience in responding to and leading initiatives to address workplace violence incidents and prevention strategies
• Coordinate with local law enforcement and emergency services to enhance physical security preparedness and response.
• Lead the development and execution of cybersecurity policies and initiatives to protect agency information systems from cyber threats.
• Oversee the implementation of cybersecurity measures, including firewalls, intrusion detection systems, and incident response plans.
• Ensure compliance with federal, state, and local cybersecurity regulations and standards.
• Conduct regular security audits and assessments to identify and address potential vulnerabilities.
• Develop and implement comprehensive security training programs for agency staff to promote security awareness and best practices.
• Conduct regular drills and exercises to ensure staff preparedness for security incidents and emergencies.
• Foster strong relationships with internal and external stakeholders, including government agencies, law enforcement, and cybersecurity organizations.
• Serve as the primary point of contact for security related issues and incidents, providing timely and effective communication to senior leadership and relevant stakeholders.
• Develop and manage the security budget, ensuring the efficient allocation of resources to support security initiatives.
• Oversee the procurement and maintenance of security equipment and technologies.

Required Qualifications:

• Sufficient education and increasingly responsible experience to demonstrate possession of the required knowledge, skills, and abilities.
• Graduation from an accredited college or university with a four-year degree in criminal justice or a related field and extensive increasingly responsible experience developing and managing security programs for a public or private sector organization.
• Experience in physical security, cyber security, and demonstrated managerial experience.
• Possession of a valid California driver's license is required.
• Possession of active Transit Safety and Security Program (TSSP) certification, Certified Information Systems Security Professional (CISSP), and Certified Information Security Manager (CISM) certification is required.

​

Preferred Qualifications:

• A certification in ASIS Certified Protection Professional (CPP) is preferred.
• Law enforcement backgrounds with cybersecurity-related acumen are preferred.
• Possession of Top-Secret Clearance
• Master’s degree in criminal justice, business administration, or related field.

What's in it for You?

• Work/Life Balance: 40-hour work weeks, and an option of a flexible/hybrid remote schedule.
• Health: VTA participates in a CalPERS-sponsored medical plan with VTA contribution to employee and dependent premium health insurance premiums. Employees pay a monthly contribution of any amount in excess of the Kaiser Bay Area Family rate.
• Flex Spending Account: $300 employer-funded Health FSA for eligible employees
• Vision: VSP full premium for employees and eligible dependents
• Dental: Delta Dental full premium for employees and eligible dependents
• Leave: 17 days of vacation (accrued), 80 Hours of sick time (accrued), 12 paid holidays per year, and 1 floating holiday per year.
• Retirement: Participation in CalPERS
• Classic Members: 2%@55
• PEPRA Members: 2%@62
• 457 Deferred Compensation Plan (voluntary)
• 457 pre-tax
• 457 Roth
• Self-directed brokerage account option for qualifying employees
• Retiree medical coverage for eligible employees with VTA contributions to the retiree’s medical premium

​

Additional perks:

• All active full-time employees and their eligible dependents are eligible for transit passes for use over VTA lines, including VTA Paratransit services.
• Employee Assistance Program (EAP) is available to each employee, eligible dependent, and household member, 24 hours a day, seven days a week.
• Tuition Reimbursement
• Professional Development Fund
• Wellness Programs

​

As we continue to implement our [VTA Forward Plan](https://www.vta.org/VTAForward#:~:text=VTA Forward is aimed to,%3A Stabilize%2C Revitalize and Transform), we aim to strengthen and increase our workforce to take on future opportunities and challenges by elevating our people and our services.

​

For more information about our VTA Forward Plan, visit: https://www.vta.org/VTAForward

​

General Instructions:

​

Please read this entire job announcement before applying for the position. Print and keep a copy of this announcement so that you can refer to it. Questions not answered within this job announcement may be sent to personnel@vta.org.

​

To ensure consideration, completed applications must be submitted online to the Human Resources department by the stated closing time and date posted. When the stated closing date is “continuous,” apply immediately; the position may close without notice. You will receive an immediate email confirming receipt of your submitted application. If you do not receive this email, contact NEOGOV's Applicant Assistance Line at (855) 524-5627 between 8:00AM to 5:00PM (PST) Monday through Friday, excluding holidays.

​

Only on-line applications will be accepted for this recruitment (paper applications or resumes will not be accepted). Job Interest Notification Cards, or copies of previous, partial, or un-submitted applications, are not an acceptable substitute to a completed application.

​

ALL APPLICATION AND TESTING NOTIFICATIONS WILL BE SENT BY E-MAIL. Applicants should select e-mail as the preferred method of notification. Candidates must maintain an up-to-date, valid and reliable e-mail address. Candidates are also responsible for maintaining up-to-date phone numbers and addresses on their on-line account. Due to the number of applications received, candidates must check their application status through their on-line account. Contact NeoGov for assistance if needed.

​

Information on how to apply for jobs at the VTA is available on the VTA Employment website and from the NEOGOV's Applicant Assistance Line (855) 524-5627. NeoGov Applicant support is available from 8:00AM to 5:00PM (PST) Monday through Friday, excluding holidays.

​

Americans with Disabilities Act Accommodations

​

The Human Resources Department will make reasonable efforts in the recruitment/examination process to accommodate applicants with disabilities. If you wish to request an accommodation, call the Human Resources Department at (408) 321-5575 or email at Personnel@vta.org.

​

Application Processing Information

​

All related current and past work experience (including VTA experience) must be listed and fully described in the Work Experience section of the application ("See Resume" is not acceptable). Incomplete or improperly completed online applications may be rejected even if you are qualified for the position for which you are applying. It is your responsibility to ensure that the online application reflects the work experience and education needed to meet the requirements for the position you are applying for. Although your resume may have all your experience and education details, please make sure to complete each section of the online application to ensure that your information is accurately captured during our screening process.

​

All applications are subject to review as to meeting minimum qualifications at any point in the recruitment process. Passing any step is no guarantee of continuation if it is determined that the applicant does not meet the minimum qualifications as stated in the class specification.

​

Candidates found to have exaggerated/falsified their qualifications, experience, training, and/or education may be disqualified at any point in the recruitment process and may be denied future employment with the VTA.

​

If selected for the position, candidates will be required to complete a criminal conviction disclosure form. Candidates who successfully become VTA employees and fail to disclose any of the criminal background information as required may be subject to discipline up to and including discharge.

​

Eligible Lists typically remain in effect for six (6) months. However, Human Resources may abolish Eligible Lists at any time during the six (6) month period. Human Resources may extend eligible Lists for up to two (2) years. Eligible Lists may be used for more than one recruitment. If you have questions related to an Eligible List you might be on or were on, you should contact Human Resources.

​

If you have questions regarding your status as an applicant for this position, please call the Human Resources Department at (408) 321-5575 or email at Personnel@vta.org.

​

VTA is committed to providing reasonable accommodations to applicants and employees with disabilities or religious needs, absent undue hardship.

​

VTA is an equal employment opportunity employer. VTA does not and will not tolerate discrimination against applicants or employees on the basis of age, ancestry, color, marital status, mental or physical disability, genetic information, national, origin, immigration status, political affiliation, race, religion, creed, sex, gender identity, gender expression, sexual orientation, pregnancy, medical condition, disabled veteran or veteran status, etc.

Summary Information about the Role

The Information and Cyber Security Risk Management (MD) at Webster Bank will play a critical leadership role in overseeing and strengthening the bank’s control environment from an information and cyber security perspective. The role will be responsible for the strategic and day-to-day oversight of information and cyber security-related risk management and control practices across the entire organization. This role will lead a team that works closely with business and IT, risk management, compliance, and internal audit to ensure robust information and cybersecurity risk and control coverage aligned to industry control frameworks that meet industry best practices, compliance with regulatory requirements, and alignment with Webster Bank’s overall risk appetite. The role will report directly to the Information and Cybersecurity Risk Management (SMD) and is expected to provide thought leadership, guidance, and direction to enhance the bank’s information and cyber security risk and controls posture. The ideal candidate will bring strong expertise in information and cyber security, technology risk, operational risk, enterprise risk, internal audit, internal controls and testing within the banking sector.

​

Company Overview

If you’re looking for a meaningful career, you’ll find it here at Webster. Founded in 1935, our focus has always been to put people first--doing whatever we can to help individuals, families, businesses and our colleagues achieve their financial goals. As a leading commercial bank, we remain passionate about serving our clients and supporting our communities. Integrity, Collaboration, Accountability, Agility, Respect, Excellence are Webster’s values, these set us apart as a bank and as an employer.

​

Come join our team where you can expand your career potential, benefit from our robust development opportunities, and enjoy meaningful work!

• Strategic Oversight: Manage strategic and day-to-day oversight of information and cyber security-related risk management and related control practices across the organization.
• Stakeholder Engagement & Advisory: Collaborate with various business, IT, and operational teams to promote a strong risk culture, offering guidance on control design and risk mitigation strategies. Serve as the primary liaison between Corporate Information Security, business units, and external auditors/examiners on information and cyber security control matters.
• Control Framework Development & Oversight: Design, implement, and maintain IT control frameworks, ensuring alignment with industry best practices (e.g., NIST, CRI, COBIT, COSO) and regulatory standards. Oversee ongoing control assessments to facilitate timely remediation of identified gaps.
• Risk Identification & Management: Partner with IT and Business Unit stakeholders to identify emerging technology risks, evaluate potential impacts, and develop mitigation strategies. Drive continuous monitoring of key risk indicators (KRIs) to maintain proactive identification and resolution of risk areas.
• Policy & Regulatory Compliance: Ensure adherence to internal policies, regulatory requirements, and cybersecurity standards applicable to the bank’s environment. Coordinate with the Legal and Compliance teams to stay abreast of new or changing regulations and provide guidance to business units.
• Controls Design & Inventory: Design and implement effective controls to mitigate identified risks, providing recommendations for improvement where necessary.
• ISRA Program Management: Lead the execution and documentation of ISRA and Corporate Information Security processes across the organization to ensure it aligns with regulatory requirements and industry best practices. Assist with designing and enhancing the ISRA and Corporate Information Security programs, ensuring compliance with internal policies, industry best practices and regulatory requirements.
• Risk Assessment: Coordinate and facilitate risk assessment workshops and activities to identify potential information and cyber security risks and control gaps. Analyze risk data to assess the likelihood and impact of risks on the bank’s operations.
• Proactive Oversight: Ensure proactive identification of potential information and cyber security control issues and deficiencies, determine root causes, and develop and execute on necessary remediation plans.
• Team Leadership & Development: Supervise and mentor a team of information and cyber security risk professionals, setting performance expectations, providing regular feedback, and fostering professional growth. Promote a culture of accountability, collaboration, and continuous learning within the team and across front line units.
• Reporting & Communication: Prepare comprehensive reports for senior management, regulatory bodies, and board committees with clear insights into information and cyber security risk exposure and control effectiveness, and action plans for identified gaps. Exceptional written and verbal communication skills, with the ability to clearly convey technical risk concepts to non-technical audiences and executive leadership.
• Training & Awareness: Lead training sessions to enhance staff understanding of information and cyber security risk management principles, control processes, and responsibilities. Promote a proactive information and cyber security risk management culture through continuous education and awareness initiatives.
• Continuous Improvement: Evaluate and improve the overall information and cyber risk and control environment to adapt to changes in the regulatory environment, business operations, and emerging risks.
• Audit & Regulatory Coordination: Support internal audits and regulatory examinations, ensuring all required documentation and evidence are accurate and readily available. Act as a liaison between the business and regulators, providing transparent and comprehensive updates on the information and cyber risk management program.
• Risk Management: Collaborate with senior leadership and department heads to identify and evaluate key risks, implement risk control measures, and monitor risk mitigation efforts.
• Governance: Oversee regular governance forums to ensure timely escalation, decision-making, and resource allocation for risk remediation activities.

Required Qualifications:

​

• Bachelor’s degree in Computer Science, Information Systems, Business Administration, or a related field.

​

Preferred Qualifications:

​

• Advanced degree and/or preferred industry-recognized certifications:
• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• CGEIT (Certified in the Governance of Enterprise IT)
• (Any combination of these certifications or equivalent professional designations is highly desirable.)
• Deep understanding of banking regulations, risk management frameworks, internal control standards, internal audit methodology and QA best practices.
• Strong understanding of IT governance frameworks (e.g., NIST, CRI, COBIT), as well as relevant regulations (e.g., FFIEC, SOX, GLBA).
• Demonstrated ability to analyze complex technological environments and design appropriate control mechanisms.
• In-depth knowledge of OCC Heightened Standards and Regulatory Category IV banking requirements preferred.

The estimated salary range for this position is $170,000.00 to $185,000.00. Actual salary may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position is eligible for incentive compensation.

​

#LI-Hybrid

​

#LI-FO1

​

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.