AMD Public-Dallas-Vice President-Security Engineering

About The Position

Requirements

• Experience: 12+ years of progressive experience in Technology Risk, Information Security, or Application Development, with at least 5 years in a senior leadership or "Head of" capacity within the Financial Services industry, specifically with exposure to Asset Management.
• Technical Depth: Deep understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures), cloud security principles (AWS preferred), and web stack technologies (e.g., HTTP, HTML5, AJAX, REST, OAuth, SAML, OIDC).
• Regulatory & Risk Expertise: Expert knowledge of global financial regulations (e.g., SEC, FINRA, GDPR, CCPA) and proven experience applying risk management methodologies such as FAIR (Factor Analysis of Information Risk) or similar frameworks.
• Leadership & Management: Proven ability to build, mentor, and lead high-performing global teams of security professionals. Demonstrated success in building coalitions and influencing diverse engineering, business, and executive stakeholders.
• Program Management: Strong program and project management skills with a track record of driving complex security initiatives to successful completion within committed timelines.
• Communication: Exceptional written and oral communication skills, with the ability to articulate complex technical risks and solutions clearly to both technical and executive audiences.
• Risk Assessment: Expertise in performing risk assessments, identifying gaps in compliance with information security policies, and recommending effective mitigation strategies.
• Acquisition Experience: Experience with acquisition due diligence and integration from a technology risk perspective.
• Security Standards: Familiarity with leading security standards and frameworks such as NIST, OWASP, SANS Top 20, PCI DSS, and CIS Controls.

Nice To Haves

• BS or MS degree in Computer Science, Cyber Security, Information Security, or a related technical field.
• Relevant industry certifications such as CISSP, CISM, CRISC, CISA, or cloud-specific security certifications (e.g., AWS Certified Security – Specialty).
• Experience with leveraging AI/ML to solve security problems and scale operations.
• Knowledge of secure coding languages (e.g., Python, Java, Go).

Responsibilities

• Strategic Leadership & Governance:
• Define and execute the multi-year Technology Risk roadmap for the Asset Management division, ensuring alignment with firm-wide standards, industry best practices, and frameworks such as the NIST Cybersecurity Framework.
• Lead the divisional Risk and Control Self-Assessment (RCSA) process and oversee regular control assessments to identify, evaluate, and mitigate technology risks specific to Asset Management.
• Act as the primary liaison for internal and external audits, regulatory examinations (e.g., SEC, FINRA, GDPR, CCPA), and client due diligence requests, ensuring all commitments are met.
• Provide executive-level reporting on risk trends, key risk indicators, and the overall technology risk profile to Asset Management leadership, the AWM Operating Committee, and Firmwide Technology Risk leadership.
• Oversee and guide a team of embedded Technology Risk Officers supporting specific Asset Management business verticals, ensuring consistent application of risk management principles, policies, and controls.
• Technical Risk Advisory & Architecture:
• Oversee the "Security Single Point of Contact" (SPOC) model for key Asset Management initiatives, including new product launches, strategic projects, and M&A due diligence, ensuring security is integrated from inception.
• Ensure that secure design principles, threat modeling, and OWASP Top 10 mitigations are systematically integrated into the architecture and development lifecycle of all Asset Management applications and platforms.
• Drive the adoption of advanced security patterns for cloud-native deployments (AWS preferred) and hybrid infrastructures, optimizing security posture while enabling business agility within Asset Management.
• Product Security & SDLC Integration:
• Champion the "Shift Left" philosophy by embedding automated security controls and practices within the Software Development Life Cycle (SDLC) using Agile methodologies across Asset Management engineering teams.
• Supervise the execution of comprehensive threat modeling, manual code reviews, penetration testing, and vulnerability assessments across the entire Asset Management application portfolio.
• Collaborate closely with Engineering and DevOps teams to enhance the firm’s security posture through the implementation of automated CI/CD security gates and secure development practices.
• Client Due Diligence & Revenue Protection:
• Oversee the client-facing security due diligence function for Asset Management, supporting high-value prospect requests and existing client audits to protect and enable revenue streams.
• Represent the firm’s security maturity, technical resilience, and robust control environment to external institutional clients, partners, and investors in the Asset Management sector.
• Innovation & Scaling:
• Drive the integration of Artificial Intelligence (AI) and Machine Learning (ML) to automate risk detection, enhance threat intelligence, and scale security operations efficiently.
• Research and evaluate emerging trends in fintech security, cryptography, and regulatory landscapes to advise portfolio companies and internal stakeholders on proactive risk mitigation strategies.