CNAPP Program Leader

About The Position

Requirements

• 10+ years of experience as product owner/manager in cloud security or adjacent domains with a track record of business impact.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field—or equivalent experience.
• Technical fluency with the ability to engage credibly on architecture, APIs, data models, and engineering constraints. Strong grounding in security, privacy, and accessibility principles, and the ability to translate complex technical concepts for non-technical and executive audiences.
• Exceptional cross-functional program leadership, communication, and stakeholder management skills within a global organization. Demonstrated ability to align cross-functional stakeholders across information security, technology, and client-facing teams through influence and relationship-building. Skilled at coaching, delegation, and fostering team growth.
• Strategic planning capability to develop a 12–18 month CNAPP vision and translate it into an outcome-driven roadmap with clear quarterly objectives and measurable results.
• Strong business acumen with a proven ability to engage and communicate effectively with diverse audiences, from executives to practitioners.
• Track record of delivering results in complex, fast-paced environments—managing multiple priorities, leading cross-functional initiatives, and driving adoption at scale.
• 10+ years of experience in information security, cloud security, or cloud architecture, including at least 5 years focused on cloud-native platforms (AWS, Azure, GCP).
• Deep understanding of CNAPP capabilities, including container and serverless security, API protection, and cloud workload protection.
• Hands-on familiarity with leading security tools and platforms such as CSPM, CWPP, CIEM, IaC scanning, DSPM, runtime threat detection, and vulnerability management.

Nice To Haves

• Relevant professional certifications (e.g., CISSP, CCSP, Azure Security Specialty) highly preferred.
• Knowledge of regulatory and industry frameworks (e.g., ISO 27001/2, ISO 27017, GDPR) and cloud compliance requirements preferred.

Responsibilities

• Own the end-to-end lifecycle of the Cloud-Native Application Protection Platform (CNAPP) from strategy, roadmap, and architecture through deployment, operations, and ongoing optimization.
• Drive global adoption and enablement of CNAPP by developing guidance, documentation, and engagement programs that support business and technology teams.
• Collaborate cross-functionally with business, architecture, engineering, security, DevOps, and product teams to embed CNAPP capabilities—such as workload protection, vulnerability management, compliance monitoring, and cloud entitlement management—into cloud-native application workflows.
• Define and uphold platform governance, policies, and best practices to ensure consistent, robust protection of cloud assets and data.
• Continuously evolve the CNAPP strategy and roadmap by monitoring use case value realization, technology trends, and industry best practices.
• Establish and measure success through key performance indicators (KPIs) focused on use case effectiveness, adoption, and value realization. Incorporate platform health metrics in partnership with technical teams.
• Deliver executive-level insights and recommendations on CNAPP strategy, roadmap progress, value delivery, risks, dependencies, metrics, and change management initiatives.

Benefits

• medical and dental coverage
• pension and 401(k) plans
• a wide range of paid time off options
• flexible vacation policy
• designated EY Paid Holidays
• Winter/Summer breaks
• Personal/Family Care
• other leaves of absence