Executive Director, Data and Application Security

What you will be doing:

• Oversee the day-to-day activities of Data & Application Security (e.g., secure code testing, data classification, data loss prevention, data protection, cryptography, data strategy and application security) but also act as the key point of contact, bridging the gap to leadership, collaborating closely with and providing regular reporting and updates to the CISO to ensure visibility and alignment with the overarching security strategy.
• Design and implement data security programs, managing and uplifting data protection services and securing organization-wide sensitive data through collaboration with different security domains and teams.
• Oversee application security capability and lead the integration of application security into the software development lifecycle (SDLC) to ensure secure design, development, and deployment, perform code-level security assessments (e.g., SAST/DAST) and evaluate application architectures for security weaknesses.
• Oversee the execution of data specific risk assessments to identify vulnerabilities, evaluate threats and implement data security measures and application of data protection controls (e.g., DLP, tokenization), to protect sensitive data across cloud, SaaS and on-premises environments.
• Guide the direction of management for the entire data lifecycle, including classification, labelling and secure access controls and implementation of encryption and key management systems (e.g., PKI, KMS, PGP) to protect sensitive data.
• Identify areas of organizational improvements regarding data and application security and oversee and lead data and application security awareness and training programs promoting best practices.

What we’re looking for:

• Take ownership and accountability for data and application security, integrating the previously disjointed and siloed capabilities and collaborating with previous capability owners to share knowledge, ensuring a seamless transition and enhancing overall security outcomes.
• Manage the coordination between other security pillars (e.g., Cyber Operations) ensuring seamless collaboration to align efforts on monitoring and threat detection. Facilitate communication to flag sensitive data activity, enable timely responses to potential data leaks, and provide context for alerts or anomalies detected by the SOC’s monitoring tools.
• Identify, recruit and upskill in-house application security talent, with the skills to implement secure coding practices, perform static and dynamic application security testing (SAST/DAST) and manage vulnerability remediation across the SDLC.
  

Professional qualifications / certifications

• Extensive experience in data security (~10 years), including ~5-7+ years in a senior leadership role overseeing data protection, application security and SDLC uplift.
• Experience in:
  • Working in highly regulated operations and complex organizational structures.
  • Reporting to senior leadership supporting executive level decision-making and prioritization.
  • Engaging in complex governance, contributing to multi-layered committees or forums.
• Understand, interpret and apply regulatory requirements, compliance and industry standards as pertains to Data & Application Security.