Product Security Analyst

Thomson Reuters is a global company trusted by millions, seeking a Product Security Analyst to support their security initiatives. The role involves operationalizing key security programs, managing security reviews, and fostering a robust security culture across product and engineering teams. Responsibilities Manage security-by-design governance by scheduling and facilitating security reviews across different risk types (AI, cloud) and tracking progress against SLAs Drive the Security Guardians program by coordinating meetings, training sessions, community events, and developing security enablement materials for product and engineering teams Collaborate across security teams including Security Architecture, Product Security, Red Teaming, and Pentest to align priorities and facilitate communication with stakeholders Track and report on security activities using dashboards, backlog management tools, and collaboration platforms while ensuring compliance with service level agreements Support security awareness initiatives by creating and distributing playbooks, quick-reference guides, and communications to foster security culture Contribute to process improvement by refining reporting processes, developing runbooks, and enhancing security workflows in partnership with data engineering teams Maintain program artifacts including participant lists, onboarding materials, communication templates, and collecting feedback to identify improvement opportunities Skills 1–3+ years of experience in program/project management and coordination, security operations, or supporting technical teams Familiarity with product security practices, secure-by-design principles, or security awareness and enablement programs Proven experience coordinating meetings, tracking action items, and managing stakeholder communications Proficiency using dashboards, backlog management tools, and collaboration platforms (e.g., Jira, Confluence, Teams, or similar) Strong communication and organizational skills with an emphasis on structured follow-through and attention to detail Demonstrated interest in fostering security culture and collaborating effectively with product and engineering teams Experience supporting security awareness, training, or security champion programs Exposure to recognized security frameworks and standards (e.g., NIST, ISO 27001, SOC 2) and GRC tools (e.g., OneTrust, RSA Archer) Familiarity with product development lifecycles and foundational concepts of application or cloud security Experience preparing security-related content such as presentations, emails, FAQs, or quick guides for internal stakeholders Benefits Hybrid Work Model: We’ve adopted a flexible hybrid working environment (2-3 days a week in the office depending on the role) for our office-based roles while delivering a seamless experience that is digitally and physically connected. Flexibility & Work-Life Balance: Flex My Way is a set of supportive workplace policies designed to help manage personal and professional responsibilities, whether caring for family, giving back to the community, or finding time to refresh and reset. This builds upon our flexible work arrangements, including work from anywhere for up to 8 weeks per year, empowering employees to achieve a better work-life balance. Career Development and Growth: By fostering a culture of continuous learning and skill development, we prepare our talent to tackle tomorrow’s challenges and deliver real-world solutions. Our Grow My Way programming and skills-first approach ensures you have the tools and knowledge to grow, lead, and thrive in an AI-enabled future. Industry Competitive Benefits: We offer comprehensive benefit plans to include flexible vacation, two company-wide Mental Health Days off, access to the Headspace app, retirement savings, tuition reimbursement, employee incentive programs, and resources for mental, physical, and financial wellbeing. Culture: Globally recognized, award-winning reputation for inclusion and belonging, flexibility, work-life balance, and more. We live by our values: Obsess over our Customers, Compete to Win, Challenge (Y)our Thinking, Act Fast / Learn Fast, and Stronger Together. Social Impact: Make an impact in your community with our Social Impact Institute. We offer employees two paid volunteer days off annually and opportunities to get involved with pro-bono consulting projects and Environmental, Social, and Governance (ESG) initiatives. Company Overview Thomson Reuters delivers critical information from the financial, legal, accounting, intellectual property, science, and media markets. It was founded in 2008, and is headquartered in Toronto, Ontario, CAN, with a workforce of 10001+ employees. Its website is