Senior Director of Application & Product Security

The Senior Director of Application & Product Security is responsible for establishing the client's Application Security program, while providing technical and professional leadership and oversight to application security experts and champions to embed security controls and capabilities across various products and businesses. The Senior Director of Application & Product Security will work with the CISO to set out the application security strategy, ensuring consideration, consistency and compatibility of design principles and patterns across all product technology disciplines, in line with overarching security objectives.

Key Responsibilities

  • Sets out the application security strategy and framework for the client, based on recognised application security architecture frameworks (e.g. OWASP SAMM, BSIMM), standards and best practice design principles to protect the company’s platforms, applications and IoT products
  • Develop, mentor, and lead a high-performing staff of security architects and security engineers
  • Establishes a common application security architecture through deep understanding of objectives, internal and external context, including threats, risks and control objectives to optimise security by design and minimise platform and application security vulnerabilities
  • Provides deep specialist advice to leadership and key stakeholders including commercial and product teams
  • Promotes a shift-left approach and mindset to set out the Security by Design agenda
  • Scales up and out the application security program through developer empowerment, automation and crowdsourcing, amongst others
  • Ensures all application security disciplines align to deliver best practice security principles, effectively mitigate risks and conform to all requirements including legal, regulatory and business requirements
  • Establishes and manages an Application Security Champions program and sets a security-ownership culture across product lines
  • Promotes and maintains awareness of latest security principles, techniques and protocols

Key Skills Required

  • Deep technical background, with a firm understanding of enterprise systems and cloud environments
  • Excellent knowledge of the enterprise software development ecosystem, application vulnerabilities, application security controls, and secure development frameworks and best practices
  • Strong and current understanding of application security threats, attack patterns, common and emerging security vulnerabilities and how they manifest themselves in different types of environments and applications
  • Understands the legal and regulatory environment within which the business operates and has knowledge of relevant security related legal and regulatory requirements
  • Extensive threat modelling experience
  • Strong communication and influencing skills, with personal gravitas and ability to effectively advise leadership and influence senior stakeholders
  • Good knowledge of common security standards and frameworks (e.g. OWASP Top 10, NIST/CSC, CIS, SANS Top 25, TOGAF, SABSA, OSA, etc.)
  • Strong commercial awareness to enable business growth through effective security
  • Good level of knowledge of information security risk management methodologies and best practices

Person Specification

  • Critical thinker with excellent problem-solving skills
  • Is practical, able to apply theoretical / academic principles in a practical, consumable manner
  • Fast learner – committed to continual learning, willing to expand skill set and rapidly understand new technologies
  • Creative and pragmatic, always seeking to achieve the best achievable outcome
  • Is compassionate and caring towards others. They respect the views and ideas of others
  • Works in a straightforward, collaborative and inclusive way and is non-political
  • Is tenacious in the pursuit to delight our users. Strives for excellence in all they do and always looks to improve our service and product
  • Regularly seeks to turn ideas into action and injects creativity into every touch point
  • They question common practice to challenge the norm
  • Can-do attitude and a positive viewpoint
  • Takes ownership and always delivers against what is agreed

Qualifications and Experience

  • Extensive previous experience in building and running application security programs in a fast-paced enterprise environment
  • 10+ years information security experience
  • Strong cryptography knowledge and implementation expertise
  • Excellent understanding of SDLC and modern development methodologies
  • Working knowledge of at least one programming language

Desirable

  • Graduate / post graduate study in computing / security related field
  • Relevant security architecture professional qualification, such as GIAC or other
  • Membership of a relevant professional body / industry group
  • Knowledge in securing consumer IoT devices
  • Previous experience in the healthcare industry
