CNAPP Program Leader

The opportunity

Own the end-to-end strategy and adoption of EYs Cloud-Native Application Protection Platform (CNAPP) - spanning posture (CSPM) identity (CIEM) workload/runtime (CWPP/KSPM) IaC/image scanning and data posture (DSPM). You will align global business and technology stakeholders rationalize the tool portfolio (e.g. Microsoft Wiz Qualys Aqua) drive adoption and measure risk reduction and time-to-value at scale. Responsible for providing strategic direction cross-functional coordination and management for the CNAPP program. Aligns program objectives with organizational priorities and defines success metrics. Champions the program across the organization facilitates stakeholder engagement and drives towards customer value outcomes.

Key Responsibilities

• Own the end-to-end lifecycle of the Cloud-Native Application Protection Platform (CNAPP) from strategy roadmap and architecture through deployment operations and ongoing optimization.
• Drive global adoption and enablement of CNAPP by developing guidance documentation and engagement programs that support business and technology teams.
• Collaborate cross-functionally with business architecture engineering security DevOps and product teams to embed CNAPP capabilitiessuch as workload protection vulnerability management compliance monitoring and cloud entitlement managementinto cloud-native application workflows.
• Define and uphold platform governance policies and best practices to ensure consistent robust protection of cloud assets and data.
• Continuously evolve the CNAPP strategy and roadmap by monitoring use case value realization technology trends and industry best practices.
• Establish and measure success through key performance indicators (KPIs) focused on use case effectiveness adoption and value realization. Incorporate platform health metrics in partnership with technical teams.
• Deliver executive-level insights and recommendations on CNAPP strategy roadmap progress value delivery risks dependencies metrics and change management initiatives.

Qualifications

• 10 years of experience as product owner/manager in cloud security or adjacent domains with a track record of business impact.
• Bachelors or Masters degree in Computer Science Information Security or a related fieldor equivalent experience.
• Technical fluency with the ability to engage credibly on architecture APIs data models and engineering constraints. Strong grounding in security privacy and accessibility principles and the ability to translate complex technical concepts for non-technical and executive audiences.
• Exceptional cross-functional program leadership communication and stakeholder management skills within a global organization. Demonstrated ability to align cross-functional stakeholders across information security technology and client-facing teams through influence and relationship-building. Skilled at coaching delegation and fostering team growth.
• Strategic planning capability to develop a 1218 month CNAPP vision and translate it into an outcome-driven roadmap with clear quarterly objectives and measurable results.
• Strong business acumen with a proven ability to engage and communicate effectively with diverse audiences from executives to practitioners.
• Track record of delivering results in complex fast-paced environmentsmanaging multiple priorities leading cross-functional initiatives and driving adoption at scale.
• 10 years of experience in information security cloud security or cloud architecture including at least 5 years focused on cloud-native platforms (AWS Azure GCP).
• Deep understanding of CNAPP capabilities including container and serverless security API protection and cloud workload protection.
• Hands-on familiarity with leading security tools and platforms such as CSPM CWPP CIEM IaC scanning DSPM runtime threat detection and vulnerability management.
• Relevant professional certifications (e.g. CISSP CCSP Azure Security Specialty) highly preferred.
• Knowledge of regulatory and industry frameworks (e.g. ISO 27001/2 ISO 27017 GDPR) and cloud compliance requirements preferred.