VP, Product Security Architecture Leader

Synchrony, Cincinnati, OH

About The Position

Role Summary/Purpose: The VP, Product Security Architecture will lead the strategy, design, and execution of Synchrony’s product and application security architecture program, ensuring security is embedded into the lifecycle of agents, applications, platforms, and SaaS services. This role leads a team of Application Security Architects who perform application security risk assessments, secure design and engineering advisory, threat modeling, risk management, and monitoring of remediation through closure. This leader will be both visionary and pragmatic, driving secure-by-design outcomes across modern architectures (cloud-native, APIs, microservices) and emerging capabilities, including AI-enabled products and services. The VP will establish security architecture direction and governance for AI security (model, data, and application-layer risks) and SaaS security architecture (selection, onboarding, configuration, integrations, and continuous control assurance). Exceptional communication skills are required to influence technology decisions and foster a security-first culture across Product, Engineering, and Enterprise stakeholders.

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field. In lieu of a degree, 15+ years of related experience. Advanced degrees and certifications preferred.
  • 10+ years of progressive experience in information security, with at least 5 years in a leadership role focusing on application/product security architecture in financial services or highly regulated industries.
  • Deep expertise in application/product security architecture and secure design for modern environments, including cloud-native architectures, APIs, identity and access management (IAM), encryption, and data protection.
  • Demonstrated strength in threat modeling, application security risk assessment, and translating threat intelligence into actionable architectural improvements.
  • Experience establishing governance for risk management, exceptions, and remediation monitoring across product and engineering organizations.
  • AI security architecture experience (building or governing security requirements for AI-enabled applications/services; partnering with AI/ML and data teams; performing AI-related security risk assessments).
  • SaaS security architecture experience (secure onboarding and integration patterns, identity integration, data protection expectations, logging/monitoring requirements, and risk management of SaaS configurations and controls).
  • In-depth knowledge of financial services regulations and compliance frameworks, with the ability to ensure architecture decisions support regulatory adherence and audit preparedness.
  • Exceptional communication and interpersonal skills, able to influence and articulate complex security concepts clearly to executive leadership, technical teams, and business stakeholders alike.
  • Relevant professional certifications such as CISSP, CISM, CISA, SABSA, TOGAF, CCSK, or equivalent credentials are highly desirable.
  • Ability and flexibility to travel for business as required.

Responsibilities

  • Strategic Leadership: Develop, communicate, and execute a comprehensive product/application security architecture strategy aligned with business objectives, risk appetite, and regulatory requirements within the financial services sector.
  • Partner closely with senior leaders across Product, Engineering, Enterprise Architecture, IT, Risk Management, Compliance, and Business Units to embed security architecture principles into product roadmaps, SDLC/CI-CD practices, platform modernization, and key initiatives.
  • Drive a security-first approach that anticipates emerging threats, trends, and innovations (including AI and SaaS) to ensure resilient and forward-looking product security architecture.
  • Collaborate with AI/innovation, data, and engineering teams to embed secure-by-design practices into AI product delivery, including threat modeling for AI-driven features and integrations.
  • Application & Product Security Architecture / Secure Design Advisory: Lead the design, development, and deployment of scalable security architecture patterns for applications and product platforms, including APIs, microservices, data flows, identity, cryptography, and secure logging/monitoring.
  • Develop and implement specialized product security architecture frameworks for AI-enabled applications and services, including secure design requirements for:
      - model and prompt interaction surfaces (where applicable)
      - data privacy and sensitive data handling across AI workflows
      - access controls and authorization for AI features and data
      - integrity protections and misuse/abuse considerations (e.g., adversarial inputs, model manipulation where applicable)
  • Define, implement, and enforce product/application security architecture standards, policies, and frameworks based on industry best practices (e.g., NIST CSF, CRI, CIS Controls, OWASP) to ensure consistency, compliance, and operational effectiveness.
  • Provide security architecture guidance and decision support to engineering teams—including tradeoffs, compensating controls, and secure reference architectures—to enable secure delivery at speed.
  • Define security architecture guidance for AI-related third-party services and platforms, including integration patterns, data sharing constraints, and control expectations.
  • Threat Modeling & Application Security Risk Assessments: Conduct and operationalize advanced threat modeling and application security risk assessments to proactively identify vulnerabilities and guide architectural decisions that mitigate risks to critical financial assets and data.
  • Ensure consistent evaluation of risks across authentication/authorization, session management, secrets management, data protection, API security, third-party components, and supply chain exposures.
  • Risk Management & Remediation Monitoring: Establish governance to document, prioritize, and manage application/product security risks and architecture exceptions, including risk acceptance and time-bound remediation expectations.
  • Monitor remediation progress to closure; validate corrective actions and escalate overdue/high-severity items through appropriate governance channels.
  • Partner with Security Operations, GRC, and engineering teams to align remediation priorities with threat intelligence, control requirements, and business impact.
  • SaaS Security Architecture: Establish SaaS security architecture standards and reference patterns for:
      - secure onboarding and vendor/solution architecture reviews
      - identity integration (SSO/MFA), role-based access, and privileged access
      - data classification, encryption expectations, retention, and eDiscovery considerations
      - secure API/integration patterns, outbound data controls, and logging/monitoring
  • Partner with Procurement/Vendor Management, Legal/Privacy, GRC, and Technology teams to ensure SaaS solutions meet Synchrony security and regulatory requirements and are configured securely.
  • Define a repeatable approach for assessing SaaS architectural risk and tracking configuration and control gaps through remediation.
  • Security Technology & Innovation (Product Security Enablement): Guide evaluation and adoption of security capabilities that improve product security outcomes (e.g., threat modeling tooling, security architecture automation, security requirements/pattern libraries, policy-as-code where applicable).
  • Drive pragmatic innovation to increase coverage, consistency, and speed of security architecture engagements.
  • Team Leadership & Development: Build, mentor, and inspire a high-performing team of Application Security Architects, fostering technical excellence, consistent assessment quality, and strong partnership with engineering teams.
  • Promote cross-functional collaboration between Security, Product, Engineering, IT, and business stakeholders to drive cohesive initiatives and measurable security maturity improvements.
  • Stakeholder Engagement & Advisory: Serve as a trusted advisor to executive leadership and key stakeholders by providing clear, business-focused insights and strategic recommendations concerning product/application risk posture, AI and SaaS security architecture, and compliance expectations.
  • Manage relationships with key internal and external partners to ensure alignment with industry advancements and regulatory expectations impacting application, AI, and SaaS risk.
  • Compliance, Governance & Audit Support: Ensure that product/application security architecture components and initiatives comply with relevant regulations and industry standards applicable to financial services, including FFIEC, SOX, GDPR, PCI DSS, and CRI.
  • Support internal and external audits by providing architecture evidence, risk decisions, and remediation status; address findings through architectural improvements, standards updates, and stakeholder engagement.
  • Perform other duties and/or special projects as assigned.
© 2024 Teal Labs, Inc