Job Description
The bet we're asking you to make
Every compliance framework ever written — GDPR, HIPAA, CMMC 2.0, NIS2, DORA, the EU AI Act, FIPS 140-3, SOC 2 — regulates data access, not who performs it. That sentence is the entire reason this role exists.
In 2026, the entity accessing your customer's regulated data is no longer just an employee on a laptop. It's a Claude-powered agent pulling batch files at 3 a.m. It's a Copilot writing to a partner SFTP endpoint. It's an autonomous supply-chain workflow negotiating AS2 handshakes with zero humans in the loop.
MFT just stopped being a file-movement category. It's becoming the governed data-exchange substrate for agentic work. Kiteworks is ~40% of the way through that transition. We want you to own the rest.
You'll inherit a product line most of your peers would kill for: Kiteworks MFT on an Apache Airflow engine, 2,000+ connectors, FIPS 140-3 validated crypto, ABAC everywhere, the AI Data Gateway, the Secure MCP Server, Kiteworks Compliant AI, and three Governed Agent Assists already shipped. Your job is to turn that foundation into the decisive product in the category, ahead of Progress MOVEit, Fortra GoAnywhere, Cleo, IBM Sterling, and Axway, by reimagining MFT as intelligent, agentic, policy-enforced data exchange between humans, systems, and AI.
What "director" means here
You are a builder first, a director second.
You ship. You prototype in Cursor or Claude Code before anyone writes a spec. You run your own evals. You use Claude Opus as a thought partner for strategy the way your predecessors used a Moleskine. You write less, prompt more, and demo most. You have taste, and you defend it.
You will have a group of highly collaborative stakeholders, an engineering org, a design partner, and a direct line to the CPO. Your scorecard is shipped product, measurable model quality, and category share — in that order.
The work
Own the agentic MFT roadmap. Extend Kiteworks MFT beyond scheduled SFTP/AS2/PGP jobs into autonomous, policy-enforced data exchange for humans and agents. Decide what ships in the next 90 days, 9 months, and 3 years. Hold the roadmap loosely; when the next model drops, rewrite it.
Ship AI-native MFT capabilities end-to-end.
• Natural-language workflow authoring (plain English → Airflow DAG → AS2 endpoint)
• LLM-driven content classification and DLP beyond regex
• Agentic partner onboarding that collapses weeks of AS2/SFTP config into a supervised 20-minute conversation
• Predictive anomaly detection and behavioral baselining that would have caught Cl0p before it moved 77 million records
• Intelligent error triage that resolves incidents before the customer files a ticket
Define and own the eval suite for every AI-touching feature. Golden datasets, LLM-as-judge rubrics, regression thresholds, abstention rates, faithfulness scores, calibration curves. When engineering asks "how do we know it's better?", the answer is a number you wrote the scorer for. Evals are your PRD.
Write behavior specs, not feature specs. Refusal categories. No-fly topics. Escalation triggers. Action boundaries for every Governed Agent Assist. Set the autonomy dial per workflow — human-in-the-loop, human-on-the-loop, or fully autonomous — and defend your choices to security, compliance, and the customer.
Orchestrate agents in your own workflow. Run Claude Code on your own backlog. Maintain the CLAUDE.md that your team codes against. Automate the parts of your job that should be automated. Our PMs are prototyping in Claude Code before handing anything to engineering; that's your fault.
Own the model strategy. Primary, fallback, cost-optimized. Decide when to prompt, when to RAG, when to fine-tune, when to wait three months for the next Claude. Monitor provider drift and price changes. Pick your fights with frontier vs. open-weights. Know your cost per classification, per routing decision, per compliance check — down to the cent.
Translate regulation into product. NIS2 Article 21, DORA's 24-hour reporting clock, EU AI Act Annex III, FIPS 140-3, CMMC 2.0, GDPR, SOC 2, the DHS M-25-21 mandate for continuous-authorization AI gateways. You turn every one of these into a specific product requirement, a specific audit artifact, and a specific salesroom proof point. The reward for doing this well is that your product is the one the CISO can actually buy.
Partner with research, not just engineering. Kiteworks has a growing AI/ML team. You will be 1 click away from them. Embed. Co-design retrieval pipelines. Influence post-training. If you're only consuming APIs, you're leaving the moat on the table.
Dogfood ruthlessly. Every feature ships through our internal Governed Assists first. You're on-call for that loop. You watch real users hit real edges and you feed those edges straight into the next eval.
Position the category. Own the narrative: Kiteworks MFT is the governed data layer for humans and AI agents. Sit in the customer advisory board. Outflank MOVEit and GoAnywhere on security story and Cleo/Axway on agent story. We expect a reposition win, not just a roadmap.
What you need to have done before
We don't care about your title progression. We care that:
• You've shipped a 0→1 AI-powered product to production and watched it fail, learn, and get good.
• You've written at least one eval suite that changed how your team made decisions.
• You've built something worth shipping, yourself, with AI in the loop — even if it was small, even if it was a side project.
• You have an opinion about agent UX, and you can defend it with artifacts.
• You've either owned, shipped to, or lived inside a regulated environment — financial services, healthcare, federal, critical infrastructure — deeply enough to know what a real compliance buyer actually asks.
• You've carried a P&L or a major product line with meaningful revenue. This is a director role, not a senior PM role.
What will make you great here
Fluency in the stack. Prompting, context engi