Director, Product Security

About The Position

Requirements

• Typically, will have at least 6-10 years of combined people leadership and hands-on experience in their particular craft.
• Bachelor’s or advanced degree in Computer Science/Information Systems or equivalent combination of education and experiences.
• Deep understanding of secure SDLC practices, application security, and threat modeling methodologies
• Knowledge of modern application architectures (cloud-native, APIs, microservices, containers)
• Familiarity with vulnerability management processes and enterprise remediation practices
• Understanding of regulatory expectations for security controls and audit evidence in financial services
• Knowledge of enterprise architecture frameworks and secure design principles
• Ability to operate effectively as a player-coach, balancing leadership and hands-on execution.
• Strong ability to influence across organizational boundaries without direct authority
• Proven ability to translate technical vulnerabilities into business risk and engineering priorities
• Strong analytical skills to identify systemic issues across large application portfolios
• Ability to drive risk-based prioritization within Agile delivery models
• Excellent communication, presentation, and interpersonal skills to engage both technical and executive audiences.
• Demonstrated ability to communicate complex information in a simplified way and meet fast paced deadlines.
• Critical Thinking and creative problem solving.
• Ability to establish credibility as a technical and strategic leader across multiple domains
• Ability to balance security rigor with delivery speed, minimizing friction
• Capability to remove organizational impediments and enable cross-team collaboration
• Ability to scale security practices across a large, complex enterprise environment
• Demonstrated ability to build trust and create a safe, collaborative, and effective working environment.

Responsibilities

• Drive implementation of a world class enterprise Product Security and Secure SDLC control framework within the existing IT Target Operating Model.
• Develop and track Product Security KPIs/KRIs, including control adoption, coverage, and risk trends
• Ensure alignment of security controls across Application, API, Data, and Platform Security teams
• Partner with Enterprise Architecture to operationalize a scalable threat modeling practice
• Oversee execution of threat modeling and design security reviews for high-risk applications and APIs
• Promote adoption of secure design patterns and reference architectures
• Integrate security signals from AppSec, API Security, and EVM to produce holistic application risk views
• Identify systemic vulnerabilities and repeat risk patterns across the application portfolio
• Drive risk-based prioritization by providing inputs into Agile backlogs and delivery planning
• Define product incident response process into existing Bank incident response processes.
• Facilitate collaboration across Application Security, API Security, Data Security, Platform Security, EVM, First Line Business Controls and the Chief Software Engineering organization.
• Remove organizational impediments that limit adoption of secure development practices
• Challenge existing processes and identify opportunities for efficiency, consistency, and scalability improvements
• Provide audit-ready evidence of secure SDLC control effectiveness
• Align Product Security practices with regulatory expectations (e.g., GLBA, FFIEC, PCI)
• Ensure risk is identified, assessed, monitored, and reported appropriately
• Evaluate and improve Product Security processes to increase effectiveness and reduce friction
• Drive adoption of automation, reusable patterns, and scalable security practices
• Act as a leader of the Product Security craft, defining future direction and best practices
• Directly a small team of specialized Product Security professionals.
• Provide coaching, performance management, and career development for direct reports
• Foster a culture of continuous learning, collaboration, and accountability for security outcomes
• Lead through player-coach engagement, contributing directly to program execution while guiding team direction
• Influence and mentor engineers and security practitioners across multiple teams without direct authority
• Support hiring, development, and capability growth as the Product Security function matures.

Benefits

• Comprehensive benefits
• Differentiated compensation offerings
• Incentive compensation plan
• Extensive benefits programs designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being.