Technical Product Manager

Department: Audit & Control
129+ Applicants
Posted: 3 weeks ago
6-10 years
Bengaluru / Bangalore, Karnataka
work from office


Job Description

Title: Technical Product Manager – CyberGRC

Job Location: Bengaluru

We are looking for an experienced and driven Technical Product Manager – CyberGRC to lead the evolution of MetricStream's AI-powered Cyber Risk and Compliance product suite. This role sits at the intersection of deep cybersecurity domain expertise and modern product innovation.

The ideal candidate will have hands-on experience delivering or using cyber GRC platforms — and will bring a sharp understanding of the space. You will shape the product roadmap to advance MetricStream's capabilities across continuous compliance automation, AI-driven risk management and real-time cyber risk visibility — driving MetricStream's transition to a continuous and autonomous compliance and risk platform.

You will own the product strategy and execution for capabilities spanning the full CyberGRC lifecycle, including:

IT and Cyber Risk management

  • Risk assessment workflows with pre-packaged and customizable risk libraries, scoring algorithms, and treatment plans
  • Vulnerability management integration: ingesting signals from vulnerability scanners, ITSM platforms, EDR tools, and cloud security posture tools to surface and prioritize risk findings
  • Exposure management capabilities linking technical findings (vulnerabilities, misconfigurations) to quantified business impact
  • Threat intelligence integration feeding real-time context into risk registers and dashboards
  • Continuous cyber risk quantification (CRQ) using FAIR-based financial models, enabling CISOs to express risk in business terms for board and regulatory reporting
  • AI agents that autonomously assess, prioritize, and summarize risk exposure across the IT and cyber landscape
  • Predictive risk scoring and heat maps with automated, real-time updates — moving beyond static, point-in-time assessments

Compliance Automation & Framework Management

  • Continuous controls monitoring and automated evidence collection across major frameworks: ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, PCI DSS, HIPAA, GDPR, DORA, and the NIST AI RMF
  • Cross-framework control mapping so customers satisfy multiple requirements without duplicate effort
  • Agentic policy management: AI-driven policy generation, version control, change summaries, and automated approval workflows
  • Audit-readiness workflows with continuously collected auditor-facing evidence packages

Reporting, Dashboards & Stakeholder Communication

  • Executive and board-level dashboards that translate cyber risk posture into financial and business terms
  • Regulator-ready reports for SEC, NYDFS, DORA, and other mandated disclosures
  • Trust center capabilities allowing customers to share real-time compliance posture with auditors and enterprise customers

AI & Emerging Risk Domains

  • Governance capabilities for GenAI risk, including prompt injection, model abuse, training data risks, and LLM-specific attack vectors
  • AI Security Assessments aligned to ISO 42001, NIST AI RMF, and the EU AI Act
  • Explainable AI features that surface rationale behind automated risk scores and recommendations

Key Responsibilities

  • Product Roadmap & Execution: Own the CyberGRC product vision and multi-quarter roadmap, making strategic prioritization decisions informed by competitive intelligence, customer research, and MetricStream's ConnectedGRC platform strategy.
  • Competitive Product Strategy: Maintain deep awareness of how MetricStream's CyberGRC competes with competitors — and identify features that close gaps or establish differentiated leadership.
  • Customer & CISO Engagement: Lead discovery sessions, design sprints, and advisory conversations with CISOs, cyber risk managers, compliance officers, and security teams to uncover unmet needs and validate product direction.
  • Requirements Management: Translate complex cybersecurity workflows and regulatory requirements into crisp product requirements, user stories, and acceptance criteria grounded in real-world risk scenarios.
  • Cross-Functional Collaboration: Partner closely with engineering, data science, UX, and QA to ship secure, scalable, and high-quality product capabilities on time.
  • AI Feature Development: Define use cases and requirements for AI-powered features including agentic workflows, automated evidence collection, risk summarization, and predictive scoring — ensuring explainability and trust.
  • Backlog Prioritization: Continuously manage and prioritize the product backlog, balancing new capabilities, platform debt, integration depth, and regulatory coverage.
  • Go-to-Market Partnership: Work with sales, customer success, and marketing to prepare compelling product narratives, enable field teams, and integrate customer feedback loops into the development cycle.
  • Metrics & Adoption: Define and monitor KPIs for CyberGRC product adoption, feature utilization, and customer outcomes — using data to iterate and improve.
  • Product Evangelism: Represent MetricStream CyberGRC in customer engagements, analyst briefings, and industry forums, clearly articulating product value for cyber risk and compliance stakeholders.

Skills and Experience

  • Experience: 6–10 years in Cyber Risk Management, IT GRC, Compliance, or Security Product roles, ideally within enterprise SaaS, regulated industries, or GRC platform environments.
  • Domain Expertise: Deep understanding of cyber risk frameworks and methodologies — threat modeling, vulnerability management, control assessment, risk treatment, and financial risk quantification (FAIR).
  • Competitive Awareness: Familiarity with the modern cyber GRC and compliance automation landscape, including platforms such as Vanta, Drata, SAFE Security, ServiceNow IRM, or OneTrust.
  • Compliance Frameworks: Working proficiency across key standards including ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, PCI DSS, GDPR, HIPAA, DORA, and the NIST AI RMF.
  • Technical Acumen: Comfort with AI/ML concepts in cybersecurity (anomaly detection, agentic workflows, risk scoring models), API integrations, and cloud security architecture.
  • Product Mindset: Demonstrated experience with modern product development practices — design thinking, agile delivery, user story writing, and data-informed iteration.
  • Stakeholder Communication: Ability to translate technical risk concepts into board-level and business language, and to influence cross-functional teams without direct authority.
  • Certifications (Preferred): CISSP, CRISC, CISM, CISA, or CEH

Education

Bachelor's or Master's degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or a related discipline.

Skills

Audit, Sales, Control Assessment, GDPR, Governance, GRC, QA, Reporting, SOC, SOC 2, Stakeholder Communication


About Company

MetricStream is a leading provider of Governance, Risk, and Compliance (GRC) software solutions. They help organizations manage risk, ensure compliance, and improve operational efficiency.

Important dates & deadlines

Application Deadline

15 Jul 26, 03:14 PM IST
