Head of Product Security Engineering & Architecture

San Francisco /
Security & Trust – Security Engineering & Architecture /
Full-time
At ASAPP, we are on a mission to build transformative machine learning-powered products that push the boundaries of artificial intelligence and customer experience. We focus on solving complex, data-rich problems — the kind where there are huge systemic inefficiencies and where a real solution will have a significant economic impact. Our CX performance platform uses machine learning across both voice and digital engagement channels to augment and automate human work, radically increasing productivity and improving the efficiency and effectiveness of customer experience teams.

The Head of Product Security Engineering & Architecture is the lead engine that frames the backbone of trust for our product and our customers. This is a highly visible, influential, and collaborative role that is critical to the success of the company. You are the builder, the protector, the educator, and a thought-leader. 

In this role, you will lead an international team of security engineers while partnering with engineering teams across the organization to influence architecture and design decisions as well as drive development efficiency through automation.

Position is remote-friendly.

What you'll do

    • Lead and manage multiple functions in the Security & Trust Organization reporting to Chief Security & Trust Officer: Infrastructure Security, Application Security, Monitoring & Incident Response, Security ArchitectureDesign, build, implement, (or partner to implement) an agile, resilient, and innovative process and technology control capability aligned to the risk appetite and top-notch industry practices.
    • Partner closely with stakeholders in Engineering, SRE, ML Engineering, Product, and GRC to drive security control development and management deep into the product from infrastructure to features in alignment with current thresholds and drive agenda to continuously close gaps to threshold targets.
    • Establish strong accountability for product security by building on a culture of data transparency, distributed responsibility, and developer education with a risk-centric and business-aligned mindset.
    • Partner closely with IT to inform and align the corporate security agenda with best practices and standards for process/technology controls.
    • Deeply understand and prioritize infrastructure & application product security risks and develop methods for remediation.
    • Heavily influence, inform, and contribute to security strategy and priority through risk-informed security control roadmaps, and practical business-aligned security reference architectures.
    • Provide architectural review “consulting” services across the enterprise.
    • Manage proactive, continuous security monitoring, lead incident response and cultivate post-IR learning activities into the DNA of the organization.
    • Manage vulnerability management and disclosure processes across the enterprise (product and corporate).
    • Develop, measure, and manage key metrics to continuously inform executive leadership of product security status on a continuous basis.

What you'll need

    • Prior experience in multi-disciplinary security leadership of 3-5 years.A foundational technical background with a total of 10+ years of practical experience and a minimum of 5 years security-related.
    • Security leadership business acumen from functional design to organization to organizational and team dynamics.
    • Exceptional ability to synthesize and visualize data for critical risk-based decision making.
    • Strong verbal and written communications with the ability to communicate security mission, vision, and purpose clearly and in varying forms and attitudes to all business stakeholders regardless of organization or position. A strong security mindset, intuition, and ability to pivot quickly and calmly while under pressure.
    • Prior depth of experience with security incidents.
    • The ability to cultivate partnerships through a service delivery model mindset.
    • Knowledge and experience with industry security models and frameworks from control models, maturity models, to threat models, etc.
    • Prior experience in a technology company working closely with product, developers and DevOps/SRE engineers.
    • Experience with DevOps environments and AWS security controls.
    • Both scale and process-centric thinking with past experience in high-growth organizations.
    • Critical strategic-thinking and planning skills.

Perks

    • Competitive compensation
    • Fitness and wellness perks
    • Learning and development opportunities
ASAPP is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status. If you have a disability and need assistance with our employment application process, please email us at careers@asapp.com to obtain assistance. #LI-DB1 #LI-Remote