Product Security Compliance Manager

Position Overview 

Join Autodesk’s Fusion Platform team within the Product Design and Manufacturing Solutions (PDMS) organization as a Product Security Compliance Manager, helping embed security, resiliency, and compliance across a portfolio of desktop, hybrid cloud, and cloud-based products. 

The Fusion Platform organization is on a multi-year journey to transform design-to-manufacturing workflows by converging cloud-based, device-independent, and highly scalable platform technologies. As Autodesk continues its transformation toward cloud-connected and integrated design and manufacturing workflows, strong security, privacy, and regulatory compliance are essential to delivering trusted products at scale. 

Reporting to the Director, Platform Programs, you will partner closely with Product Security Developers, security, product, and platform teams, as well as Autodesk’s corporate Trust organization. You will guide engineering and product teams through regulated compliance efforts such as ITAR and FedRAMP (including GovCloud deployments), while coordinating the implementation of internal Trust requirements across security, privacy, resiliency, and Trusted AI, aligned with SOC 2, ISO/IEC 27001, and NIST SP 800-53. 

This is a strategic, hands-on role for someone who enjoys working with developers, translating regulatory and trust requirements into practical guidance, and collaborating across organizational boundaries to manage risk and support product delivery. 

Responsibilities 

• Partner with Product Security Developers, security, product, and engineering teams to align security and privacy requirements with product architecture across desktop, hybrid cloud, and cloud-based products

• Lead and coordinate regulated compliance efforts such as ITAR and FedRAMP (including GovCloud deployments), supporting engineering teams through readiness, assessment, authorization, and ongoing compliance

• Translate regulatory, audit, security, privacy, resiliency, and Trusted AI requirements into clear, actionable guidance for product and engineering teams

• Collaborate across organizational boundaries with the corporate Trust organization to ensure alignment with enterprise trust standards, objectives, and reporting

• Lead cross-functional working groups for trust excellence and product certifications, participate in regionalization working groups, and contribute to continuous improvement initiatives

• Support the implementation and ongoing maintenance of internal Trust requirements, aligned with SOC 2, ISO/IEC 27001, and NIST SP 800-53–aligned controls

• Track and report on product trust commitments across security, privacy, availability, resilience, and recoverability

• Coordinate audits, government assessments, and customer security or compliance reviews

• Support security testing activities, security awareness efforts, incident response follow-up, business continuity considerations, and trust documentation

Minimum Qualifications 

• Bachelor's degree in Cybersecurity, Computer Information Systems, or a related field 

• 4–6 years of experience in product security, security compliance, risk management, or trust-related roles

• Experience supporting engineering teams through ITAR, FedRAMP, and/or GovCloud compliance or certification efforts

• Knowledge of Secure Software Development Lifecycle (SSDLC) processes and best practices

• Understanding of information security risks and controls across application, data, infrastructure, and enterprise systems, preferably in cloud or hybrid environments (e.g., AWS)

• Familiarity with security and privacy frameworks and regulations such as SOC 2, NIST SP 800-53, ISO/IEC 27001, GDPR, and CCPA. 

• Experience working with engineering and security teams in a matrixed organization

• Strong communication, organizational, and documentation skills

• Desire to continue to learn and challenge yourself 

• Able to travel as required (less than 25%) 

Preferred Qualifications 

• CISSP, FedRAMP Practitioner, or CCSP certification

• Experience working with desktop software and cloud-connected or hybrid products

• Familiarity with regulated environments, data residency, or regionalization requirements

• Experience supporting audits, penetration testing, or vulnerability management programs