Head - DevSecOps

TD
Toronto, ON
Onsite

About The Position

Own the enterprise strategy, roadmap, and operating model for DevSecOps and CI/CD platforms—enabling secure, compliant, and reliable software delivery at scale.

Requirements

  • 10+ years in software engineering, platform engineering, DevOps/DevSecOps, or SRE, including 5+ years leading managers and senior technical talent.
  • Proven experience owning an enterprise CI/CD or developer platform strategy, roadmap, operating model, and adoption at scale.
  • Strong knowledge of secure SDLC practices and delivery controls (e.g., SAST/DAST concepts, SCA, container/IaC security, secrets management, policy-as-code).
  • Experience operating reliable services with SLOs/SLAs, observability, and incident management governance.
  • Ability to translate risk, compliance, and audit requirements into automated, scalable platform controls and evidence.
  • Executive-level communication and stakeholder management across Engineering, Security, Risk, Audit, Compliance, Legal, and Procurement.

Nice To Haves

  • Experience with enterprise cloud foundations and governance (identity, networking, landing zones), and IaC/GitOps operating models.
  • Background in regulated environments and familiarity with common frameworks (e.g., SOC 2, ISO 27001, NIST, PCI, SOX).
  • Demonstrated vendor management, contract negotiation, and third-party risk management for platform and security tooling.
  • Experience defining responsible adoption of AI-enabled developer tools, including governance, security/privacy controls, and value realization metrics.

Responsibilities

  • Own the DevSecOps and CI/CD platform strategy, multi-year roadmap, and investment priorities aligned to business outcomes, cloud strategy, and risk posture.
  • Lead and develop engineering managers and senior technologists; establish clear ownership, operating rhythms, and an automation-first culture.
  • Set enterprise reference architectures, standards, and guardrails for secure software delivery across on-prem, cloud, and hybrid environments.
  • Govern tooling decisions and platform modernization (build vs. buy, rationalization, deprecation) to optimize cost, reduce risk, and manage technical debt.
  • Define and operate enterprise CI/CD platform services (service catalog, onboarding/adoption, support model) and ensure high adoption and strong developer experience.
  • Standardize golden paths, reusable pipeline capabilities, and self-service patterns that improve lead time, quality, and consistency.
  • Embed security-by-design and an enterprise shift-left program (application, dependency, container, and IaC security) with measurable reduction in vulnerabilities.
  • Partner with Security, Risk, Audit, and Compliance to define control requirements, manage exceptions, and support audits with automated evidence collection.
  • Provide architectural oversight for cloud and platform foundations (networking, identity, compute, storage) and set standards for IaC/GitOps practices.
  • Be accountable for platform reliability outcomes: SLOs/SLAs, observability, incident governance, DR/BCP readiness, and recovery objectives.
  • Own vendor strategy and commercial execution (RFPs, contracts, renewals) and establish third-party risk governance, SLAs/KPIs, and spend optimization.
  • Define the enterprise approach to AI-enabled developer tooling, including governance, security/privacy controls, and measured rollout to improve productivity.

Benefits

  • health and well-being benefits
  • savings and retirement programs
  • paid time off
  • banking benefits and discounts
  • career development
  • reward and recognition programs