Underpaidby HiringX
← All Jobs

Product Policy, Cyber Policy Manager

OpenAI

San FranciscoRemoteProduct Policy5+ yrs

About the role

About the Team

The Product Policy team develops, implements, enforces, and communicates the policies that govern use of OpenAI’s services, including ChatGPT, Codex, GPTs, and the OpenAI API. This cyber-focused role will help define how OpenAI enables legitimate cybersecurity work while reducing the risk that our products are misused for cyber abuse.

This role sits at the intersection of AI capability, cybersecurity practice, and abuse prevention: helping defenders use OpenAI’s tools effectively while setting clear boundaries against malicious cyber activity.

About the Role

As a Product Policy Manager specializing in Cyber, you will combine cyber and policy expertise to guide how OpenAI evaluates, launches, and governs capabilities relevant to cybersecurity. You will work closely with product, engineering, research, safety, security, legal, operations, and go-to-market teams to translate complex cyber risk into practical product policy, implementation standards, enforcement guidance, and launch decisions.

The role requires understanding both sides of the cyber equation: how defenders investigate, detect, triage, and respond to threats, and how malicious actors may attempt to misuse AI systems for vulnerability exploitation, social engineering, malware enablement, credential abuse, or other harmful activity. Strong candidates may bring depth in one or more cyber domains, such as attacker tradecraft, vulnerability discovery, malware analysis, phishing and credential abuse, identity and access risks, incident response, detection engineering, secure development, threat intelligence, abuse investigations, or security tooling — along with the ability to reason across adjacent areas. You do not need to have held a formal policy title, but you should have experience turning technical risk into durable rules, standards, processes, or decisions, and very strong communications skills.

As OpenAI continues to grow, this role will help align diverse teams and stakeholders while operating in a fast-moving, ambiguous environment.

This role is based in San Francisco, CA. We use a hybrid work model of 3 days in the office per week and offer relocation assistance to new employees.

In this role, you will:

- Provide cyber policy advice to technical and product teams based on a deep understanding of model capabilities, product architecture, abuse pathways, defensive security use cases, and the practical needs of cybersecurity teams.

- Evaluate cyber-relevant product launches and model capabilities, including how they may support legitimate security work and how they could be misused by malicious or irresponsible actors.

- Translate cyber threat risk into clear product requirements, launch guidance, enforcement standards, user-facing policy, and internal implementation guidance.

- Develop operationalizable standards, enforcement protocols, and escalation paths for cyber abuse scenarios, including vulnerability exploitation, credential abuse, social