Senior Director of Application & Product Security

Senior Director Application and Product Security 

The Senior Director of Application & Product Security is responsible for establishing clients Application Security program, while providing technical and professional leadership and oversight to application security experts and champions to embed security controls and capabilities across various products and businesses. The Senior Director of Application & Product Security will work with the CISO to set out security application strategy; ensuring consideration, consistency and compatibility of design principles and patterns across all product technology disciplines, in line with overarching security objectives.

Key Responsibilities

  • Sets out the application security strategy and framework for client, based on recognised application security architecture frameworks (e.g. OWASP SAMM, BSIMM), Standards and best practice design principles to protect the company’s platforms, applications and IoT products
  • Develop, mentor, and lead a high-performing staff of security architects and security engineers
  • Establishes a common application security architecture through deep understanding of objectives, internal and external context, including threats, risks and control objectives to optimise security by design and minimise platform and application security vulnerabilities
  • Provides deep specialist advice to leadership and key stakeholders including commercial and product teams
  • Promotes a shift-left approach and mindset to set out Security By Design agenda
  • Scaling up and out the application security program through developer empowerment, automation and crowdsourcing, amongst others
  • Ensures all application security disciplines align to deliver of best practice security principles, effectively mitigate risks and conform to all requirements including legal, regulatory and business requirements
  • Establishes and manages an Application Security Champions program and sets a security-ownership culture across product lines
  • Promotes and maintains awareness of latest security principles, techniques and protocols

Key Skills Required

  • Deep technical background, with a firm understanding of enterprise systems and cloud environments
  • Excellent knowledge of enterprise software development ecosystem, application vulnerabilities, application security controls, and secure development frameworks and best practices.
  • Strong and current understanding of application security threats, attack patterns, common and emerging security vulnerabilities and how they manifest themselves in different types of environments and applications
  • Understands the legal and regulatory environment within which the business operates and has knowledge of relevant security related legal and regulatory requirements
  • Extensive threat modelling experience
  • Strong communication and influencing skills, with personal gravitas and ability to effectively advise leadership and influence senior stakeholders
  • Good knowledge of common security standards and frameworks (e.g. OWASP Top 10, NIST/ CSC, CIS, SANS Top 25, TOGAF, SABSA, OSA, etc.)
  • Strong commercial awareness to enable business growth through effective security
  • Good level of knowledge of information security risk management methodologies and best practices

Person Specification

  • Critical thinker, excellent problem solving skills
  • Is practical, able to apply theoretical / academic principles in a practical, consumable manner
  • Fast learner – committed to continual learning, willing to expand skill set and rapidly understand new technologies
  • Creative and pragmatic, always seeking to achieve the best achievable outcome
  • Is compassionate and caring towards others. They respect the views and ideas of others
  • Works in a straight-forward, collaborative and inclusive way and is non-political
  • Is tenacious, in the pursuit to delight our users. Strives for excellence in all they do and always look to improve our service and product
  • Regularly seeks to turn ideas into action and injects creativity into every touch point
  • They question common practice to challenge the norm
  • Can-do attitude and a positive viewpoint
  • Takes ownership and always delivers against what is agreed

Qualifications

And Experience

  • Extensive previous experience in building and running application security programs in a fast-paced enterprise environment
  • 10+ years information security experience
  • Strong cryptography knowledge and implementation expertise
  • Excellent understanding of SDLC and modern development methodologies
  • Working knowledge of at least one programming language

Desirable

  • Graduate / post graduate study in computing / security related field
  • Relevant security architecture professional qualification, such as GIAC or other
  • Membership relevant professional body / industry group
  • Knowledge in securing consumer IoT devices
  • Previous experience in healthcare industry

Apply for this Job

Please enter your full name.

Enter a valid email address.

Upload your CV to accompany your application for this job.

Fields marked with * are required.

Security Engineer

Cyber Security Engineer The company is a professional services cyber security consultancy, specialising in end-to-end cyber security solutions. This is ideal for someone with a

Read More »
Security Architect

Information Security Architect The company is a professional services cyber security consultancy, specialising in end-to-end cyber security solutions. This is ideal for someone with a strong

Read More »
Security Engineer

Security Engineer Security Engineers will play a key role in implementing and championing client’sSecurity By Design agenda, to minimise application security risks and avoid security

Read More »
security architect

Security Architect As a Security Architect, you will be responsible for driving the security and usability of the infrastructure on which our business products and

Read More »
Security Architect

Information Security Architect The company is a professional services cyber security consultancy, specialising in end-to-end cyber security solutions. This is ideal for someone with a strong

Read More »
Senior Cyber Security Engineer

Cyber Security Engineer My client is based in Manchester, they require a Senior Cyber Security Engineer to manage the application and infrastructure security systems (Microsoft

Read More »