Job Description
The bet we're asking you to make
Every compliance framework ever written — GDPR, HIPAA, CMMC 2.0, NIS2, DORA, the EU AI Act, FIPS 140-3, SOC 2 — regulates data access, not who performs it. That sentence is the entire reason this role exists.
In 2026, the entity accessing your customer's regulated data is no longer just an employee on a laptop. It's a Claude-powered agent pulling batch files at 3 a.m. It's a Copilot writing to a partner SFTP endpoint. It's an autonomous supply-chain workflow negotiating AS2 handshakes with zero humans in the loop.
MFT just stopped being a file-movement category. It's becoming the governed data-exchange substrate for agentic work. Kiteworks is ~40% of the way through that transition. We want you to own the rest.
You'll inherit a product line most of your peers would kill for: Kiteworks MFT on an Apache Airflow engine, 2,000+ connectors, FIPS 140-3 validated crypto, ABAC everywhere, the AI Data Gateway, the Secure MCP Server, Kiteworks Compliant AI, and three Governed Agent Assists already shipped. Your job is to turn that foundation into the decisive product in the category, ahead of Progress MoveIT, Fortra GoAnywhere, Cleo, IBM Sterling, and Axway, by reimagining MFT as intelligent, agentic, policy-enforced data exchange between humans, systems, and AI.
What "director" means here
You are a builder first, a director second.
You ship. You prototype in Cursor or Claude Code before anyone writes a spec. You run your own evals. You use Claude Opus as a thought partner for strategy the way your predecessors used a Moleskine. You write less, prompt more, and demo most. You have taste, and you defend it.
You will have a group of highly-collaborative stakeholders, an engineering org, a design partner, and a direct line to the CPO. Your scorecard is shipped product, measurable model quality, and category share — in that order.
The work
Own the agentic MFT roadmap. Extend Kiteworks MFT beyond scheduled SFTP/AS2/PGP jobs into autonomous, policy-enforced data exchange for humans and agents. Decide what ships in the next 90 days, 9 months, and 3 years. Hold the roadmap loosely, when the next model drops, rewrite it.
Ship AI-native MFT capabilities end-to-end.
Write behavior specs, not feature specs. Refusal categories. No-fly topics. Escalation triggers. Action boundaries for every Governed Agent Assist. Set the autonomy dial per workflow — human-in-the-loop, human-on-the-loop, or fully autonomous — and defend your choices to security, compliance, and the customer.
Orchestrate agents in your own workflow. Run Claude Code on your own backlog. Maintain the CLAUDE.md that your team codes against. Automate the parts of your job that should be automated. Our PMs are prototyping in Claude Code before handing anything to engineering, that's your fault.
Own the model strategy. Primary, fallback, cost-optimized. Decide when to prompt, when to RAG, when to fine-tune, when to wait three months for the next Claude. Monitor provider drift and price changes. Pick your fights with frontier vs. open-weights. Know your cost per classification, per routing decision, per compliance check — down to the cent.
Translate regulation into product. NIS2 Article 21, DORA's 24-hour reporting clock, EU AI Act Annex III, FIPS 140-3, CMMC 2.0, GDPR, SOC 2, the DHS M-25-21 mandate for continuous-authorization AI gateways. You turn every one of these into a specific product requirement, a specific audit artifact, and a specific salesroom proof point. The reward for doing this well is that your product is the one the CISO can actually buy.
Partner with research, not just engineering. Kiteworks has a growing AI/ML team. You will be 1 click away from them. Embed. Co-design retrieval pipelines. Influence post-training. If you're only consuming APIs, you're leaving the moat on the table.
Dogfood ruthlessly. Every feature ships through our internal Governed Assists first. You're on-call for that loop. You watch real users hit real edges and you feed those edges straight into the next eval.
Position the category. Own the narrative: Kiteworks MFT is the governed data layer for humans and AI agents. Sit in the customer advisory board. Outflank MoveIT and GoAnywhere on security story and Cleo/Axway on agent story. We expect a reposition win, not just a roadmap.
What you need to have done before
We don't care about your title progression. We care that:
Fluency in the stack. Prompting, context engineering, RAG, embeddings, fine-tuning decisions, MCP, agent SDKs, eval infra (Braintrust, LangSmith, or equivalent). You don't need to have built all of it. You do need to be conversant enough that our researchers treat you as a peer.
Taste. The ability to look at an agent response, a UI, a workflow, and know in two seconds whether it's good. This is the only skill we can't teach.
Comfort at the edge of the model frontier. Knowing when a capability is 80% there and you can prompt the last 20%, versus when it's 10% there and you should come back in a quarter. Building anyway, when the target is moving.
Builder energy. High agency, high urgency, slope over intercept. You ship v1s fast and make them great in public.
A protocol-level understanding of SFTP, AS2, FTPS, and HTTPS file-exchange patterns, so that when an agent generates an AS2 partner profile you can tell within five seconds whether it's real or hallucinated. You don't have to have started in MFT. You do have to get there fast.
The stuff that's still true about the job
You'll work with design, engineering, security, support, marketing, sales, customer success, and a serious customer advisory board including Fortune 500 and federal buyers.. You'll present to the executive team. You'll travel occasionally. You'll write. You'll listen. You'll be held to business outcomes: revenue, retention, category position, NPS, and — new this year — measurable AI quality.
Incorporate security and privacy requirements into product design, ensuring alignment with ISO 27001 and GDPR (privacy by design and by default).
You'll incorporate security and privacy requirements into product design, ensuring alignment with ISO 27001 and GDPR (privacy by design and by default).
We operate the Kiteworks Private Data Network — the governed data layer used by the world's most regulated enterprises to unify email, file sharing, SFTP, MFT, web forms, APIs, and AI-agent access under a single compliance framework. 35,000+ organizations and 110+ million end-users move their most sensitive content through Kiteworks. We've built the first MCP server with enterprise-grade access control. We ship Compliant AI. We are the company every AI-governance regulator ends up in a room with, eventually.
The values that define us
Execution — We deliver results with focus, ownership, and consistency. Our teams take initiative, solve challenges proactively, and continuously optimize how we work to create meaningful impact for our customers.
Transparency — We communicate openly and clearly, ensuring stakeholders have the information they need to make informed decisions. We foster a culture of trust, welcome feedback, and embrace accountability in everything we do.
Integrity — We uphold the highest standards of honesty and responsibility. Our teams act ethically, consistently honor commitments, and build trust through principled, reliable actions.
Commitment to Equal Opportunity & Inclusion
Kiteworks is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need accommodation during the interview process, tell us — we'll make it work.
Other requirements
Ability to meet Kiteworks, customer, and government security screening requirements for this role, including:
Jetzt bewerben
The bet we're asking you to make
Every compliance framework ever written — GDPR, HIPAA, CMMC 2.0, NIS2, DORA, the EU AI Act, FIPS 140-3, SOC 2 — regulates data access, not who performs it. That sentence is the entire reason this role exists.
In 2026, the entity accessing your customer's regulated data is no longer just an employee on a laptop. It's a Claude-powered agent pulling batch files at 3 a.m. It's a Copilot writing to a partner SFTP endpoint. It's an autonomous supply-chain workflow negotiating AS2 handshakes with zero humans in the loop.
MFT just stopped being a file-movement category. It's becoming the governed data-exchange substrate for agentic work. Kiteworks is ~40% of the way through that transition. We want you to own the rest.
You'll inherit a product line most of your peers would kill for: Kiteworks MFT on an Apache Airflow engine, 2,000+ connectors, FIPS 140-3 validated crypto, ABAC everywhere, the AI Data Gateway, the Secure MCP Server, Kiteworks Compliant AI, and three Governed Agent Assists already shipped. Your job is to turn that foundation into the decisive product in the category, ahead of Progress MoveIT, Fortra GoAnywhere, Cleo, IBM Sterling, and Axway, by reimagining MFT as intelligent, agentic, policy-enforced data exchange between humans, systems, and AI.
What "director" means here
You are a builder first, a director second.
You ship. You prototype in Cursor or Claude Code before anyone writes a spec. You run your own evals. You use Claude Opus as a thought partner for strategy the way your predecessors used a Moleskine. You write less, prompt more, and demo most. You have taste, and you defend it.
You will have a group of highly-collaborative stakeholders, an engineering org, a design partner, and a direct line to the CPO. Your scorecard is shipped product, measurable model quality, and category share — in that order.
The work
Own the agentic MFT roadmap. Extend Kiteworks MFT beyond scheduled SFTP/AS2/PGP jobs into autonomous, policy-enforced data exchange for humans and agents. Decide what ships in the next 90 days, 9 months, and 3 years. Hold the roadmap loosely, when the next model drops, rewrite it.
Ship AI-native MFT capabilities end-to-end.
- Natural-language workflow authoring (plain English → Airflow DAG → AS2 endpoint)
- LLM-driven content classification and DLP beyond regex
- Agentic partner onboarding that collapses weeks of AS2/SFTP config into a supervised 20-minute conversation
- Predictive anomaly detection and behavioral baselining that would have caught Cl0p before it moved 77 million records
- Intelligent error triage that resolves incidents before the customer files a ticket
Write behavior specs, not feature specs. Refusal categories. No-fly topics. Escalation triggers. Action boundaries for every Governed Agent Assist. Set the autonomy dial per workflow — human-in-the-loop, human-on-the-loop, or fully autonomous — and defend your choices to security, compliance, and the customer.
Orchestrate agents in your own workflow. Run Claude Code on your own backlog. Maintain the CLAUDE.md that your team codes against. Automate the parts of your job that should be automated. Our PMs are prototyping in Claude Code before handing anything to engineering, that's your fault.
Own the model strategy. Primary, fallback, cost-optimized. Decide when to prompt, when to RAG, when to fine-tune, when to wait three months for the next Claude. Monitor provider drift and price changes. Pick your fights with frontier vs. open-weights. Know your cost per classification, per routing decision, per compliance check — down to the cent.
Translate regulation into product. NIS2 Article 21, DORA's 24-hour reporting clock, EU AI Act Annex III, FIPS 140-3, CMMC 2.0, GDPR, SOC 2, the DHS M-25-21 mandate for continuous-authorization AI gateways. You turn every one of these into a specific product requirement, a specific audit artifact, and a specific salesroom proof point. The reward for doing this well is that your product is the one the CISO can actually buy.
Partner with research, not just engineering. Kiteworks has a growing AI/ML team. You will be 1 click away from them. Embed. Co-design retrieval pipelines. Influence post-training. If you're only consuming APIs, you're leaving the moat on the table.
Dogfood ruthlessly. Every feature ships through our internal Governed Assists first. You're on-call for that loop. You watch real users hit real edges and you feed those edges straight into the next eval.
Position the category. Own the narrative: Kiteworks MFT is the governed data layer for humans and AI agents. Sit in the customer advisory board. Outflank MoveIT and GoAnywhere on security story and Cleo/Axway on agent story. We expect a reposition win, not just a roadmap.
What you need to have done before
We don't care about your title progression. We care that:
- You've shipped a 0→1 AI-powered product to production and watched it fail, learn, and get good.
- You've written at least one eval suite that changed how your team made decisions.
- You've built something worth shipping, yourself, with AI in the loop — even if it was small, even if it was a side project.
- You have an opinion about agent UX, and you can defend it with artifacts.
- You've either owned, shipped to, or lived inside a regulated environment — financial services, healthcare, federal, critical infrastructure — deeply enough to know what a real compliance buyer actually asks.
- You've carried a P&L or a major product line with meaningful revenue. This is a director role, not a senior PM role.
Fluency in the stack. Prompting, context engineering, RAG, embeddings, fine-tuning decisions, MCP, agent SDKs, eval infra (Braintrust, LangSmith, or equivalent). You don't need to have built all of it. You do need to be conversant enough that our researchers treat you as a peer.
Taste. The ability to look at an agent response, a UI, a workflow, and know in two seconds whether it's good. This is the only skill we can't teach.
Comfort at the edge of the model frontier. Knowing when a capability is 80% there and you can prompt the last 20%, versus when it's 10% there and you should come back in a quarter. Building anyway, when the target is moving.
Builder energy. High agency, high urgency, slope over intercept. You ship v1s fast and make them great in public.
A protocol-level understanding of SFTP, AS2, FTPS, and HTTPS file-exchange patterns, so that when an agent generates an AS2 partner profile you can tell within five seconds whether it's real or hallucinated. You don't have to have started in MFT. You do have to get there fast.
The stuff that's still true about the job
You'll work with design, engineering, security, support, marketing, sales, customer success, and a serious customer advisory board including Fortune 500 and federal buyers.. You'll present to the executive team. You'll travel occasionally. You'll write. You'll listen. You'll be held to business outcomes: revenue, retention, category position, NPS, and — new this year — measurable AI quality.
Incorporate security and privacy requirements into product design, ensuring alignment with ISO 27001 and GDPR (privacy by design and by default).
You'll incorporate security and privacy requirements into product design, ensuring alignment with ISO 27001 and GDPR (privacy by design and by default).
Compensation Range
- Annual Base Salary Range: €100,00 – €110,000
Base pay depends on many factors, such as location, education, experience, and skills. Base pay is only one part of Kiteworks competitive Total Rewards package that can include benefits, perks, equity, and bonuses. The base pay range is subject to change and may be modified in the future.
Your Equipment: Mac or Microsoft – you work with the IT equipment of your choice.
Your Pension: We contribute 20% to your company pension scheme (BAV) and also cover ongoing contracts.
Your Discounts: Enjoy attractive employee discounts via Bitkom with numerous well-known providers.
Your Extra: Shop with the Edenred gift card, with an average of €20 per month.
Your Stock Options: After one year with us, you have the opportunity to participate in our stock option program.
Your Flexibility: With your flexitime account, you can make up for longer days at any time.
Your Birthday: Celebrate yourself with a special day off on your birthday.
Your Engagement: Use a special vacation day to engage in social or environmental causes.
We operate the Kiteworks Private Data Network — the governed data layer used by the world's most regulated enterprises to unify email, file sharing, SFTP, MFT, web forms, APIs, and AI-agent access under a single compliance framework. 35,000+ organizations and 110+ million end-users move their most sensitive content through Kiteworks. We've built the first MCP server with enterprise-grade access control. We ship Compliant AI. We are the company every AI-governance regulator ends up in a room with, eventually.
The values that define us
Execution — We deliver results with focus, ownership, and consistency. Our teams take initiative, solve challenges proactively, and continuously optimize how we work to create meaningful impact for our customers.
Transparency — We communicate openly and clearly, ensuring stakeholders have the information they need to make informed decisions. We foster a culture of trust, welcome feedback, and embrace accountability in everything we do.
Integrity — We uphold the highest standards of honesty and responsibility. Our teams act ethically, consistently honor commitments, and build trust through principled, reliable actions.
Commitment to Equal Opportunity & Inclusion
Kiteworks is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need accommodation during the interview process, tell us — we'll make it work.
Other requirements
Ability to meet Kiteworks, customer, and government security screening requirements for this role, including:
- Kiteworks background check upon hire/transfer and every two years thereafter
- Ability to work internationally across different time zones
- High reliability and strict confidentiality when handling sensitive financial and investor data
Jetzt bewerben