Product Security Analyst

Thomson Reuters is a global company trusted by millions, seeking a Product Security Analyst to enhance their security culture. In this role, you will operationalize key security programs, manage security reviews, and support security awareness initiatives across the organization.

Responsibilities

• Manage security-by-design governance by scheduling and facilitating security reviews across different risk types (AI, cloud) and tracking progress against SLAs
• Drive the Security Guardians program by coordinating meetings, training sessions, community events, and developing security enablement materials for product and engineering teams
• Collaborate across security teams including Security Architecture, Product Security, Red Teaming, and Pentest to align priorities and facilitate communication with stakeholders
• Track and report on security activities using dashboards, backlog management tools, and collaboration platforms while ensuring compliance with service level agreements
• Support security awareness initiatives by creating and distributing playbooks, quick-reference guides, and communications to foster security culture
• Contribute to process improvement by refining reporting processes, developing runbooks, and enhancing security workflows in partnership with data engineering teams
• Maintain program artifacts including participant lists, onboarding materials, communication templates, and collecting feedback to identify improvement opportunities

Skills

• 1–3+ years of experience in program/project management and coordination, security operations, or supporting technical teams
• Familiarity with product security practices, secure-by-design principles, or security awareness and enablement programs
• Proven experience coordinating meetings, tracking action items, and managing stakeholder communications
• Proficiency using dashboards, backlog management tools, and collaboration platforms (e.g., Jira, Confluence, Teams, or similar)
• Strong communication and organizational skills with an emphasis on structured follow-through and attention to detail
• Demonstrated interest in fostering security culture and collaborating effectively with product and engineering teams
• Experience supporting security awareness, training, or security champion programs
• Exposure to recognized security frameworks and standards (e.g., NIST, ISO 27001, SOC 2) and GRC tools (e.g., OneTrust, RSA Archer)
• Familiarity with product development lifecycles and foundational concepts of application or cloud security
• Experience preparing security-related content such as presentations, emails, FAQs, or quick guides for internal stakeholders

Benefits

• Hybrid Work Model: We’ve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected.
• Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset.
• Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow’s challenges and deliver real-world solutions.
• Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing.
• Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more.
• Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives.

Company Overview