Product Security Architect

What you’ll do

• Strategic Leadership & Roadmap: Define and lead the enterprise-wide Application Security and SSDLC strategy, including short, mid, and long-term goals aligned with the group’s security posture and digital transformation initiatives. Develop and maintain AppSec maturity models (e.g. based on OWASP SAMM, NIST SSDF, BSIMM) and work with business units to assess current state and define realistic improvement plans. Drive the development of a global secure development policy, including approved tools, practices, and coding standards.
• Technology & Tooling Strategy: Evaluate, recommend, and support the rollout of AppSec tools such as SAST, DAST, SCA, container and IaC scanners, runtime protections, and CI/CD pipeline integrations. Collaborate with platform and DevOps teams to ensure tool integration and automation into developer workflows across brands. Provide architecture guidance on secure design patterns and security tool architecture in clou...