Director, Product Security

About The Position

Requirements

• Typically, will have at least 6-10 years of combined people leadership and hands-on experience in their particular craft.
• Bachelor’s or advanced degree in Computer Science/Information Systems or equivalent combination of education and experiences.
• Deep understanding of secure SDLC practices, application security, and threat modeling methodologies.
• Knowledge of modern application architectures (cloud-native, APIs, microservices, containers).
• Familiarity with vulnerability management processes and enterprise remediation practices.
• Understanding of regulatory expectations for security controls and audit evidence in financial services.
• Knowledge of enterprise architecture frameworks and secure design principles.
• Ability to operate effectively as a player-coach, balancing leadership and hands-on execution.
• Strong ability to influence across organizational boundaries without direct authority.
• Proven ability to translate technical vulnerabilities into business risk and engineering priorities.
• Strong analytical skills to identify systemic issues across large application portfolios.
• Ability to drive risk-based prioritization within Agile delivery models.
• Excellent communication, presentation, and interpersonal skills to engage both technical and executive audiences.
• Demonstrated ability to communicate complex information in a simplified way and meet fast paced deadlines.
• Critical Thinking and creative problem solving.
• Ability to establish credibility as a technical and strategic leader across multiple domains.
• Ability to balance security rigor with delivery speed, minimizing friction.
• Capability to remove organizational impediments and enable cross-team collaboration.
• Ability to scale security practices across a large, complex enterprise environment.
• Demonstrated ability to build trust and create a safe, collaborative, and effective working environment.

Responsibilities

• Drive implementation of a world class enterprise Product Security and Secure SDLC control framework within the existing IT Target Operating Model.
• Develop and track Product Security KPIs/KRIs, including control adoption, coverage, and risk trends.
• Ensure alignment of security controls across Application, API, Data, and Platform Security teams.
• Partner with Enterprise Architecture to operationalize a scalable threat modeling practice.
• Oversee execution of threat modeling and design security reviews for high-risk applications and APIs.
• Promote adoption of secure design patterns and reference architectures.
• Integrate security signals from AppSec, API Security, and EVM to produce holistic application risk views.
• Identify systemic vulnerabilities and repeat risk patterns across the application portfolio.
• Drive risk-based prioritization by providing inputs into Agile backlogs and delivery planning.
• Define product incident response process into existing Bank incident response processes.
• Facilitate collaboration across Application Security, API Security, Data Security, Platform Security, EVM, First Line Business Controls and the Chief Software Engineering organization.
• Remove organizational impediments that limit adoption of secure development practices.
• Challenge existing processes and identify opportunities for efficiency, consistency, and scalability improvements.
• Provide audit-ready evidence of secure SDLC control effectiveness.
• Align Product Security practices with regulatory expectations (e.g., GLBA, FFIEC, PCI).
• Ensure risk is identified, assessed, monitored, and reported appropriately.
• Evaluate and improve Product Security processes to increase effectiveness and reduce friction.
• Drive adoption of automation, reusable patterns, and scalable security practices.
• Act as a leader of the Product Security craft, defining future direction and best practices.
• Directly a small team of specialized Product Security professionals.
• Provide coaching, performance management, and career development for direct reports.
• Foster a culture of continuous learning, collaboration, and accountability for security outcomes.
• Lead through player-coach engagement, contributing directly to program execution while guiding team direction.
• Influence and mentor engineers and security practitioners across multiple teams without direct authority.
• Support hiring, development, and capability growth as the Product Security function matures.

Benefits

• Comprehensive benefits
• Differentiated compensation offerings
• Incentive compensation plan
• Extensive benefits programs designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being.