GVP, Product Security Engineering and Enablement

About The Position

Requirements

• Proven senior leadership experience leading or significantly scaling Product and Application Security teams within a complex global organization.
• Deep expertise in secure software development practices, including threat modeling, secure architecture, API security, and cloud-native application security.
• Proven ability to embed security into modern SDLC and DevSecOps environments, leveraging automation and policy-as-code for scalable controls.
• Strong understanding of regulatory and industry frameworks (SOX IT, PCI DSS, ISO 27001) and experience driving compliance in product security contexts.
• Proven ability to partner effectively with senior leaders across cybersecurity, internal audit, legal and privacy, enterprise risk management, technology, product, and business functions.
• Experience leading and developing teams or functions in global, matrixed environments, with a focus on accountability, execution discipline, and talent development.
• Excellent written and verbal communication skills to translate complex security concepts into actionable insights for executive and technical audiences.
• Advanced degree and/or relevant professional certifications preferred (e.g., CISA, CRISC, CIPP, CIPM, CISSP, or comparable credentials).

Responsibilities

• Own the enterprise Product & Application Security strategy, ensuring secure-by-design and secure-by-default principles are embedded across all products, platforms, and services.
• Maintain and evolve the security architecture and governance framework for applications, APIs, and software development practices, aligning with enterprise risk objectives and regulatory requirements.
• Maintain, enforce, and enhance security standards and policies for product development, including secure coding practices, threat modeling, and vulnerability management across global engineering teams.
• Partner with product, engineering, and platform leaders to integrate security into agile development lifecycles and CI/CD pipelines while maintaining speed and innovation.
• Oversee assurance programs, including penetration testing, bug bounty, and vulnerability disclosure, ensuring findings are prioritized and remediated effectively.
• Lead risk management for software supply chain and third-party components, enforcing SBOMs, contractual security obligations, and continuous monitoring of dependencies.
• Drive compliance alignment for application security controls with industry frameworks and regulatory standards (e.g., SOX IT controls, PCI DSS, SWIFT, privacy and data protection requirements, or similar standards), ensuring audit readiness.
• Integrate privacy-by-design principles into product security architecture, ensuring compliance with global data protection laws and safeguarding consumer and employee data across streaming, studio, and gaming platforms.
• Provide executive-level reporting on product security posture, risk trends, and remediation progress to senior leadership and governance bodies.
• Build and scale a high-performing global team, fostering technical excellence, accountability, and a culture of partnership with product and engineering organizations.
• Serve as a thought leader and trusted advisor, monitoring emerging threats and technologies, influencing enterprise strategy, and representing the organization in industry forums.

Benefits

• health insurance coverage
• an employee wellness program
• life and disability insurance
• a retirement savings plan
• paid holidays and sick time and vacation