Security Product Lead –  Enterprise & Identity Security

<div class="content-intro"><p><a href="https://www.sofi.com/sofi-employee-applicant-privacy-notice/" target="_blank"><strong>Employee Applicant Privacy Notice</strong></a></p> <p><strong>Who we are:</strong></p> <div> <p>Shape a brighter financial future with us.</p> <p>Together with our members, we’re changing the way people think about and interact with personal finance.</p> <p>We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. <strong>Join us to invest in yourself, your career, and the financial world.</strong></p> </div></div><p><strong>Role Overview</strong></p> <p>The Security Product Lead – Enterprise Identity Security is responsible for defining the strategic direction, roadmap, and measurable outcomes for securing the organization's enterprise infrastructure, critical internal systems, and user identities. This role sits within the Security Strategy Delivery team and partners closely with the Identity Access Management (IAM), Infrastructure Security, and Engineering functional leaders and operational teams.</p> <p>This position ensures that Enterprise Security and Identity Security capabilities are treated as internal security products—aligned to enterprise risk priorities, supported by a clear roadmap, measured through defined KPIs, and delivered through structured program governance.</p> <p>The role requires strong cross-functional collaboration, strategic thinking, and the ability to influence without direct authority. By ensuring robust identity governance and securing enterprise infrastructure, this role directly supports the organization's overarching goal of protecting member trust, safeguarding corporate assets, and ensuring the continued stability and growth of the business.</p> <p> </p> <p><strong>Key Responsibilities</strong></p> <p><strong>Strategy Roadmap Stewardship</strong></p> <ul> <li>Develop and maintain a multi-year strategy and roadmap for Enterprise Security, Identity Security (IAM, PAM, Authentication), and AI Security capabilities.</li> <li>Align roadmap priorities with enterprise risk objectives, regulatory requirements (e.g., access controls, data governance, AI governance), and evolving threat landscape.</li> <li>Identify capability gaps (e.g., zero-trust adoption, privileged access maturity, AI model integrity) and define strategic investment opportunities.</li> <li>Translate strategic objectives into structured, sequenced initiatives.</li> </ul> <p> </p> <p><strong>Product Capability Management</strong></p> <ul> <li>Enterprise Security</li> </ul> <ul> <li>Define the value proposition and service model for Enterprise Security capabilities (e.g., infrastructure hardening, cloud security posture).</li> <li>Add aspects of data security under enterprise security: Establish product requirements and roadmaps for Data Security capabilities, including data loss prevention (DLP), data classification, data encryption, and ensuring compliance with data privacy regulations.</li> </ul> <ul> <li>Identity Management</li> <ul> <li>Define the value proposition and service model for Identity Management capabilities (e.g., self-service access, least privilege principle, lifecycle management).</li> <li>Establish clear capability maturity targets (e.g., IAM coverage, access certification completeness) and continuous improvement plans.</li> </ul> <li>Maintain and prioritize a strategic backlog across all areas aligned to measurable risk reduction outcomes (e.g., reduction in over-privileged accounts, faster access revocation, secure-by-design adoption in AI).</li> <li>Ensure capabilities are treated as ongoing products with lifecycle ownership, not one-time proj ... (truncated, view full listing at source)