Principal Product Security Manager - Regulations and Standards

The Product Security Manager for regulations and standards will lead Arm’s efforts to meet and maintain compliance with evolving global product security regulations, including the EU Cyber Resilience Act (CRA). This role will work multi-functionally with engineering, legal, product management, and security teams to ensure Arm’s products and processes align with regulatory requirements while supporting innovation and customer trust. It also consists on actively representing Arm in key international standards and regulatory working groups helping build the industry landscape.

Regulatory Monitoring & Strategy

• Track, analyse, and interpret upcoming product security regulations (e.g., EU CRA, NIS2, U.S. cybersecurity labelling).
• Develop and communicate a regulatory compliance roadmap tailored to Arm’s product portfolio.
• Serve as the internal subject matter expert on security-related regulatory obligations.

Compliance Program Development

• Support the product security team in implementing policies, frameworks, and processes to ensure product compliance with security regulations.
• Lead risk assessments and gap analyses against regulatory requirements.

Cross-functional Coordination

• Partner with engineering and product teams to embed compliance requirements into product design and development.
• Work closely with Legal and Corporate Security to align regulatory, contractual, and certification requirements.
• Support incident response planning and regulatory reporting obligations.

Training & Awareness

• Develop training and awareness programs to ensure staff understand and implement security compliance practices.
• Provide guidance to product teams on practical application of CRA and other regulations.

• Strong knowledge of product security regulations and standards, and their associated communities, including but not limited to the: EU CRA, ENISA, UK PSTI, BSI, NIS2, OpenSSF
• Experience with Security Development Lifecycles and product security assurance, including requirement management, threat modelling, security testing, and incident response
• Previous involvement in regulatory advocacy, industry working groups, or standards development.
• Proven ability to interpret legal/regulatory text and translate into actionable technical requirements.
• Project management and program coordination skills across multiple collaborators.

• Familiarity with the security of embedded systems, semiconductors, software supply chain security
• A history of low-level software or hardware development/architecture
• Knowledge of ISO 21434, IEC 62443, SESIP, PSA Certified

Accommodations and recruiting: if you need an adjustment or an accommodation during the recruitment process, please email accommodations@arm.com. By sending the requested information, you consent to its use by Arm to arrange for appropriate accommodations. All accommodation requests are treated with confidentiality and disclosed only as necessary to provide the accommodation.

Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. We believe in bringing people together face to face to enable us to work at pace, whilst recognizing the value of flexibility. Within that framework, we empower groups/teams to determine their own hybrid working patterns, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application. In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you.

Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.