Product Policy, Cyber Policy Manager

About the Role

The role requires a deep understanding of both sides of the cyber equation: how defenders investigate, detect, triage, and respond to threats, and how malicious actors may attempt to misuse AI systems for vulnerability exploitation, social engineering, malware enablement, credential abuse, or other harmful activity. Strong candidates will bring depth in one or more cyber domains, such as attacker tradecraft, vulnerability discovery, malware analysis, phishing and credential abuse, identity and access risks, incident response, detection engineering, secure development, threat intelligence, abuse investigations, or security tooling.

Openai's hybrid work model allows for 3 days in the office per week, with relocation assistance available to new employees. This role is based in San Francisco, CA, and offers the opportunity to work with a talented team of professionals who are passionate about AI and cybersecurity.

What You Will Do

• Provide cyber policy advice to technical and product teams based on a deep understanding of model capabilities, product architecture, abuse pathways, defensive security use cases, and the practical needs of cybersecurity teams.
• Evaluate cyber-relevant product launches and model capabilities, including how they may support legitimate security work and how they could be misused by malicious or irresponsible actors.
• Translate cyber threat risk into clear product requirements, launch guidance, enforcement standards, user-facing policy, and internal implementation guidance.
• Develop operationalizable standards, enforcement protocols, and escalation paths for cyber abuse scenarios, including vulnerability exploitation, credential abuse, social engineering, malware enablement, phishing, data exfiltration, and misuse of security automation.
• Partner with safety, security, product, engineering, research, legal, operations, communications, and global affairs teams to make principled, timely decisions about cyber risk in high-ambiguity situations.
• Help build scalable policy frameworks for dual-use cyber capabilities, including where to draw boundaries between beneficial security research, defensive operations, and harmful cyber activity.
• Collaborate with cross-functional teams to design and implement effective cyber risk mitigation strategies.
• Develop and maintain relationships with key stakeholders, including cybersecurity teams, law enforcement agencies, and industry partners.
• Stay up-to-date with emerging trends and threats in the cybersecurity landscape, applying this knowledge to inform and improve Openai's cyber policy and product development.

What We Are Looking For

• 5+ years of experience, or equivalent depth, in one or more of the following areas: cybersecurity, security engineering, threat intelligence, incident response, abuse investigations, detection engineering, product policy, cyber policy, trust and safety, or a closely related field.
• Strong technical fluency in one or more cyber domains, such as vulnerability management, malware analysis, threat intelligence, incident response, phishing and credential abuse, detect and response, or security automation.
• Experience in turning technical risk into durable rules, standards, processes, or decisions, with very strong communications skills.
• Ability to reason across adjacent cyber domains, with a deep understanding of the intersection of AI capability, cybersecurity practice, and abuse prevention.
• Strong analytical and problem-solving skills, with the ability to translate complex cyber risk into practical product policy and implementation standards.
• Experience working with cross-functional teams, including product, engineering, research, safety, security, legal, operations, and go-to-market teams.
• Strong understanding of AI and machine learning concepts, with the ability to apply this knowledge to inform and improve Openai's cyber policy and product development.
• Experience with policy development, implementation, and enforcement, with a strong understanding of regulatory requirements and industry standards.

Nice to Have

• Experience with cloud-based security solutions, including AWS, Azure, or Google Cloud Platform.
• Familiarity with agile development methodologies, including Scrum or Kanban.
• Experience with security information and event management (SIEM) systems, including Splunk or ELK.
• Knowledge of programming languages, including Python, Java, or C++.
• Experience with data analytics and visualization tools, including Tableau or Power BI.

Benefits and Perks

• Competitive salary and equity package.
• Opportunities for professional growth and development, including training and education programs.
• Collaborative and dynamic work environment, with a talented team of professionals who are passionate about AI and cybersecurity.
• Flexible work arrangements, including remote work options and flexible hours.
• Comprehensive benefits package, including health, dental, and vision insurance, as well as 401(k) matching.
• Access to cutting-edge technology and tools, including AI and machine learning platforms.
• Recognition and reward programs, including employee recognition and bonuses.
• Paid time off, including vacation, sick leave, and holidays.

• Develop a strong understanding of AI and machine learning concepts, and be prepared to apply this knowledge to inform and improve Openai's cyber policy and product development.
• Highlight your experience in turning technical risk into durable rules, standards, processes, or decisions, and showcase your strong communications skills.
• Be prepared to provide examples of your experience in cyber policy development, implementation, and enforcement, and demonstrate your ability to reason across adjacent cyber domains.
• Showcase your ability to work effectively in a cross-functional team environment, and highlight your experience with agile development methodologies.
• Be prepared to discuss your understanding of regulatory requirements and industry standards, and demonstrate your ability to apply this knowledge to inform and improve Openai's cyber policy and product development.
• Develop a portfolio of your work, including examples of your policy development, implementation, and enforcement experience, and be prepared to discuss your approach to cyber risk mitigation and management.
• Prepare to discuss your experience with security information and event management (SIEM) systems, and demonstrate your ability to apply data analytics and visualization tools to inform and improve cyber policy and product development.