Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
About the role
- Director of Product and Application Security at SailPoint overseeing security strategy and team management. Leading integration of security in product development for SaaS, on-prem, and AI products.
Responsibilities
- Develop and lead the enterprise-wide product security and resilience strategy, aligning with business goals and regulatory requirements.
- Partner with Dev/Ops, engineering, product management, and infrastructure teams to integrate security into SDLC, DevSecOps, and CI/CD pipelines.
- Establish and oversee secure architecture patterns, threat modeling practices, and resilience engineering frameworks.
- Drive adoption of security automation, vulnerability management, and secure coding standards across product teams.
- Build and mentor a high-performing team of product security architects, engineers, and software security specialists.
- Monitor emerging threats, technologies, and compliance trends to proactively evolve the security posture.
- Collaborate with legal, compliance, and risk teams to ensure alignment with global standards and certifications.
- Define and track KPIs to measure program effectiveness and maturity.
Requirements
- 7+ years in leadership roles, preferably in product or application security.
- Certifications like CISSP, CISM, CISA, CEH, GCIH, GCIA, are beneficial.
- Experience with secure software development practices and tools.
- Experience and knowledge of artificial intelligence software security, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework.
- Experience with regulatory frameworks (e.g., NIST, ISO 27001, GDPR).
- Strategic Vision & Execution - Ability to define and communicate a clear vision for product security and resilience aligned with enterprise goals.
- Influence & Collaboration – Demonstrable experience building strong partnerships across an organization to drive secure-by-design culture.
- Technical Leadership - Deep understanding of product security issues (like XXE, SSRF, Injections, etc.), modern software development (fully automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures, particularly Amazon Web Services, Kubernetes, and software bill of materials (SBOM).
- Manage entire lifecycle of security researcher findings, customer reported security questions, issues, incidents, associated CVE’s.
- Change Management – Experience leading organizational change initiatives to embed security and resilience into product development lifecycles.
- Experience building relationships with software engineering teams, including managing mature product security including final security reviews, and, risk-driven product scoring/metrics.
- Talent Development - Demonstrable experience building high-performing teams through coaching, mentoring, and career development.
- Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.
- Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to non-technical stakeholders and executive leadership.
Benefits
- Health and wellness coverage: Medical, dental, and vision insurance
- Disability coverage: Short-term and long-term disability
- Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
- Additional life coverage options: Supplemental life insurance for employees, spouses, and children
- Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account
- Financial security: 401(k) Savings and Investment Plan with company matching
- Time off benefits: Flexible vacation policy
- Holidays: 8 paid holidays annually
- Sick leave
- Parental support: Paid parental leave
- Employee Assistance Program (EAP) and Care Counselors
- Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
- Health Savings Account (HSA) with employer contribution
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.
Senior Lead Info Security Architect leading and collaborating on cybersecurity solutions at TIAA. Responsible for secure design and implementation of cloud security strategies and practices.
Part Time Security Officer providing protection for Collector's personnel and assets at trade shows across North America while reporting to Security Shows & Transportation Manager.
Enterprise Security Architect at PBCN GmbH designing and implementing security architectures. Collaborating with teams to ensure application security and conducting risk assessments.