The company is seeking to enhance its security posture by embedding security into the foundation of everything it builds, and to evolve its security strategy with its technology.
Requirements
- Demonstrated expertise in identity and access management (IAM), application security (AppSec), and data protection principles, frameworks, and solutions
- Proven experience embedding security throughout the software development lifecycle (SDLC), with strong knowledge of DevSecOps, secure coding, and CI/CD integration
- Familiarity with modern security technologies and architectures including zero trust, secrets management, threat modeling, SAST/DAST/IAST tools, and API security
- Strong understanding of data governance, encryption practices, and privacy regulations (e.g., HIPAA, GDPR, CCPA)
- Prior leadership in scaling security programs for complex, distributed cloud environments (e.g., AWS, GCP, Azure)
- Experience managing incident response and vulnerability disclosure programs
Responsibilities
- Oversee and enhance identity and access management strategies and practices
- Collaborate with engineering and product teams to integrate security into the product lifecycle
- Develop and maintain product security strategy, aligning it with the overall business goal and security vision
- Identify, assess, and mitigate security risks throughout the product lifecycle, including threat modeling and vulnerability analysis
- Communicate security risks, findings, and recommendations to executive leadership and other key stakeholders
Other
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field; Master’s degree or relevant certifications (e.g., CISSP, CISM, CSSLP) preferred
- 15+ years of progressive experience in security architecture and operations, including 5+ years in executive or senior leadership roles, preferably within SaaS or technology organizations
- Effective at leading through influence, mentoring diverse security teams, and developing high-performing talent
- Adept at fostering a culture of security awareness and shared responsibility within product and engineering teams