Director of Application and Product Security

Mission of the Position:

The Director, Application and Product Security (DAPS) will lead the application security program to ensure the integrity, confidentiality, and availability of the company's SaaS products. Responsibilities include identifying, documenting, assessing, prioritizing, sizing, and mitigating applications security risks, while overseeing measures that protect company data. The role requires expert experience and skills and acuity towards proactive risk management and rapid response to security threats to uphold customer trust and compliance with regulatory standards.

Responsibilities:

? Develop and oversee the implementation of application security strategies and policies.

? In-depth knowledge of secure coding practices, application architectures, and cloud security.

? Handle half yearly 3rd party penetration testings, Work with the development and product team to ensure all that is reported gets resolved / mitigated in a timely manner.

? Ensure IT policies, procedures, and systems comply with industry regulations, standards, and best practices.

? Define and implement the long-term vision, strategy, and roadmap for product and application security aligned with company objectives.

? Integrate security into the Software Development Life Cycle (SDLC) and DevSecOps pipelines.

? Take an adversary perspective to identify, prioritize, and mitigate vulnerabilities.

? Proactive review of the Product Release Build using tools to ensure the release is secure.

? Develop security controls frameworks to support new initiatives like Generative AI.

? Collaborate with development teams on code audits, solution requirements, and technology roadmaps.

? Coordinate with G&A, Audit firm consultants and development teams to provide the information required to complete security review and audits in a timely manner.

? Lead all aspects of the Secure Development Lifecycle (SDL) and application testing disciplines.

? Stay informed about emerging threats and vulnerabilities.

? Identify, document, assess and mitigate applications security risks; own security backlog identification and prioritization

? Communicate security risks and recommendations to executive leadership.

Requirements:

? Extensive experience in application security, particularly in a SaaS environment.

? Strong background in software development and security.

? Familiarity with compliance requirements relevant to SaaS platforms (for example, ISO 27001, GDPR, SOC2).

? Excellent communication and interpersonal skills.

? Bachelor's degree in Computer Science, Information Security, or related field. Advanced degrees or certifications in cybersecurity (for example, CISSP, CISM) preferred.

? This role involves strategic oversight and operational management of application security, emphasizing collaboration with product managers and engineers to embed security into the product lifecycle. The position requires an articulate and persuasive leader capable of serving as an effective member of the senior management team.