Product Manager – AppSec

JOB DESCRIPTION

Location: Hybrid | Downtown, Toronto

Duration: 6 months

Our client a leading financial institution in Downtown Toronto, is looking for a Product Manager – AppSec to support the development and execution of product roadmaps for AppSec capabilities. The successful candidate will have the opportunity to work with one of the Top 5 Banks in Canada.

Typical Day in role:

Product Execution & Planning

• Support the development and execution of product roadmaps for AppSec capabilities.
• Translate product strategy into actionable tasks and user stories.
• Work directly with security tools to evaluate, configure, and optimize SDLC integrations
• Assist in backlog management and feature prioritization based on business value and risk.

Team Collaboration

• Partner with engineering, architecture, and DevOps teams to deliver security capabilities.
• Participate in Agile ceremonies including sprint planning, stand-ups, and retrospectives.
• Help facilitate working sessions to resolve delivery blockers.

AppSec Enablement

• Support the rollout and configuration of application security tools (e.g., SAST, DAST, SCA).
• Partner with development teams to enable security checks in their workflows.
• Support security findings review to validate accuracy and help prioritize policy updates.
• Monitor emerging threats and industry trends to guide feature enhancements.
• Collaborate with security teams to maintain a strong application security posture.
• Contribute to defining rules and policies that align with organizational risk tolerance.

Stakeholder Engagement

• Develop training materials to educate internal teams on product security features.
• Contribute to stakeholder communications and reporting.

Product Ownership & Vendor Coordination

• Maintain product backlogs and assist in defining epics and user stories.
• Support vendor coordination and onboarding activities.
• Contribute to business case development and cost/benefit analysis.

Data-Driven Insights

• Use data insights to support roadmap decisions and measure product impact.
• Assist in preparing presentations and reports for leadership and stakeholders.
• Define KPIs to measure capability effectiveness (e.g., scan coverage, false positive rate, time to remediation).

Must-Have Skills:

• 8 years’ experience in IT with at least 2 + years of experience on application security (preferably, SAST, DAST, or OSSS). Someone who has worked before as an Application security product manager/specialist.
• 3+ years’ experience with product strategy and maintaining a product backlog
• 3+ years working in Agile teams; experienced in sprint ceremonies and writing epics/user stories
• Demonstrable communication and presentation skills for technical and executive audiences

Nice-To-Have Skills:

• Exposure to popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
• CISSP/CCSP/CSPO/SAFe POPM Certification

Soft Skills Required:

• A demonstrated history of problem-solving, technology implementation, and sound judgment
• Fluent English-language verbal and written communications: the ability to distill complex and ambiguous operational processes, business requirements/rules, and data sets into process flows and analysis, concisely convey technical requirements and requests, prepare and edit high-quality documentation, and be accepted as a trusted advisor by peers
• Able to work remotely and on-site on multiple activities simultaneously and meet deadlines

Education:

• Bachelor’s Degree in Engineering, Information Sciences, or equivalent field

Finance professional is committed to creating an inclusive environment where all team members and clients feel like they belong. We seek applicants with a wide range of abilities and we provide an accessible candidate experience. We advocate for you and welcome anyone regardless of race, color, religion, national origin, sex, physical or mental disability, or age.