Associate Director Product & Application Security (EMEA)
Role Purpose
Lead and scale the Product & Application Security program for our products portfolio across EMEA. Own secure-by-design practices from architecture and threat modeling through DevSecOps in CI/CD, vulnerability management and coordinated disclosure, enabling developer velocity without compromising risk posture. Align to our System Development & Application Security standards and reference patterns.
Key Outcomes
Establish EMEA-fit Secure SDLC guardrails (requirements, release gating) and publish reference architectures for authentication/authorization, secrets, cryptography, logging and privacy.
Embed DevSecOps controls in pipelines (SAST, SCA, secret scanning, IaC/K8s policy-as-code, SBOM generation, artifact signing and provenance) with measurable pass/fail criteria.
Stand up product vulnerability management with SLA tiers, risk-based triage and executive reporting.
Launch an EMEA secure coding enablement track and developer champions program.
Demonstrate compliance readiness for GDPR/NIS2 and AI-related controls applicable to product features.
Responsibilities
Own AppSec architecture and threat modeling for high-risk services; review designs and third-party components.
Define and enforce pipeline security controls; partner with Engineering to shift-left testing and automate gates.
Govern SBOM standards and software supply-chain risk (open-source hygiene, provenance, signing).
Lead vulnerability management and remediation orchestration across squads; partner with SRE for runtime hardening.
Chair the Product Security Review Board for go-live exceptions and risk acceptance.
Collaborate with Privacy/Legal on data protection by design; align with GRC on policy and control mapping.
Mentor an EMEA AppSec team; provide matrix leadership across GDC and product squads.
Required Qualifications
10 years in Application/Product Security; 3 years leading programs at scale.
Expertise with OWASP ASVS, threat modeling (STRIDE/ATT&CK), API security and cloud-native architectures (Azure/AWS).
Hands-on with SAST/SCA/DAST, IaC/K8s policy (e.g. OPA), container scanning and SBOM tooling.
Proven stakeholder management with Engineering, Product and Platform teams.
Relevant certifications such as CSSLP, CISSP or CISM (preferred).
Preferred Qualifications
Experience with AI/ML product risks (prompt injection, model supply chain, dataset governance).
Familiarity with GDPR, NIS2 and secure disclosure practices.
Key Performance Indicators (KPIs)
Builds passing security gates (%).
MTTR for critical vulnerabilities.
Coverage of threat models and reference patterns.
SBOM completeness and policy adherence.
Exception trend and closure rate.
Required Experience:
Director
Today, Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. These firms help dynamic organizations unlock their potential for growth by providing meaningful, forward-looki ...