Xurrent

Lead, Application and Product Security Manager

  • Posted a day ago

Job Description

Lead, Application and Product Security Manager Scorecard

Mission of the Position:

The Lead, Application and Product Security Manager will lead the application security program to ensure the integrity, confidentiality, and availability of Xurrent's company and customer data.

Responsibilities include identifying, documenting, assessing, prioritizing, sizing, and mitigating application security risks. The role requires expertise in proactive risk management and rapid response to security threats to uphold customer trust and compliance with regulatory standards.

Responsibilities:

  • Take full ownership of the incident response process, including annual tabletop exercises
  • Lead the vulnerability management process including implementation of detection tools, leading the triage process, and providing guidance to internal teams on remediation of detected vulnerabilities
  • Lead the company's business continuity and disaster recovery efforts
  • Gather technical evidence for annual information security audits
  • Monitor the security and data protection inboxes and own the responsible disclosure program
  • Develop risk assessments and communicate them to stakeholders
  • Develop and own the third-party (vendor) risk management program
  • Ownership of technical security policies
  • Ownership of security awareness training and internal phishing simulation campaigns
  • Coordinate with audit firms, consultants, and development teams to provide the information required to complete security reviews and audits in a timely manner.
  • Stay informed about emerging threats and vulnerabilities.
  • Define and implement the long-term vision, strategy, and roadmap for product and application security aligned with company objectives.
  • Integrate security into the Software Development Life Cycle (SDLC) and DevSecOps pipelines.
  • Communicate security risks and recommendations to executive leadership.

Requirements:

  • In-depth knowledge of secure coding practices, application architectures, and cloud security, particularly in a SaaS environment.
  • Strong background in software development and security.
  • Familiarity with compliance requirements relevant to SaaS platforms (for example, ISO 27001, GDPR, SOC2).
  • Excellent communication and interpersonal skills.
  • Bachelor's degree in Computer Science, Information Security, or related field. Advanced degrees or certifications in cybersecurity (for example, CISSP, CISM) preferred.

Job ID: 144188833