Senior Manager Information Security
Alianza
IT
City of London, London, UK
This is a UK based remote position.
We are seeking an experienced professional to collaboratively lead our Governance, Risk, and Compliance (GRC) initiatives along with Secure Software Development, and serve as a security interface for customer engagements. This role requires a strategic contributor who will work closely with Information Security and other senior leadership to embed security throughout the product development lifecycle, while managing security requirements in customer contracts, RFPs, and procurement processes. The ideal candidate will bring deep expertise in application security, secure development practices, GRC, and translating complex security requirements into practical solutions that enable business growth. This role reports to the Senior Director of Information Security.
________________________________________
Key Responsibilities
Strategic Product Security Leadership
• Lead out on the development and execution of a comprehensive product security strategy in partnership with the Senior Director of Information Security.
• Collaborate to establish security architecture standards and design patterns for products across cloud-based services, on-premises infrastructure, and customer-deployed solutions.
• Lead GRC initiatives, including those already in place (SOC2 and expanding), ISO27001 (implementing), and new emerging GRC requirements.
• Partner with senior leadership and Information Security leadership to align product security initiatives with business objectives and customer requirements.
• Develop a threat model panel capable of providing security design and threat model review for
• Lead out on security design reviews and threat modeling sessions for new products, features, and architectural changes.
• Help create and sustain security champions programs to embed security expertise within development teams.
• Develop and manage vulnerability disclosure programs and third-party security assessments.
• Define and track security metrics and KPIs that demonstrate the effectiveness of the product security program, in coordination with your manager.
Secure Development and DevSecOps
• Work with the DevOps team to build and mature a DevSecOps program that automates security testing and validation throughout CI/CD pipelines.
• Collaboratively implement secure coding standards and development frameworks across engineering teams.
• Assist in overseeing security testing programs including SAST, DAST, SCA, and penetration testing.
• Promote adoption of threat modeling practices during product design and feature planning.
• Support vulnerability management processes from identification through remediation and validation.
Contract and RFP Security Management
• Serve as a leading and collaborative security authority in contract negotiations.
• Develop standardized security documentation and negotiate security terms in conjunction with InfoSec leadership.
• Build and maintain a library of security response templates and support pre-sales security evaluations.
• Lead out on training of security practices and responses with the Commercial organization to enhance their knowledge and ability to respond.
Product Security Operations
• Establish secure product release processes and security validation gates in partnership with the appropriate stakeholders from each organization.
• Oversee supply chain security and implement security observability in products.
• Contribute to the development of AI/ML model security practices.
Customer Security Engagement
• Act as a trusted advisor for strategic customers.
• Lead customer security reviews and present security roadmaps in collaboration with Product Management.
• Coordinate responses to customer security incidents and represent the company at industry forums, as directed.
Team Development and Collaboration
• Work collaboratively with senior leadership in building and mentoring a distributed product security team.
• Assist in delivering security training tailored to technical teams.
• Help foster a security-positive culture and collaborate across engineering and product organizations.
Security Operations and Incident Response
• Update and improve incident response playbooks specific to product vulnerabilities, in collaboration with appropriate stakeholder organizations.
• Manage incident response for product security breaches, ensuring alignment with broader InfoSec protocols.
Required Qualifications
Experience
• 15+ years of progressive experience in information security and secure development.
• Experience supporting security for organizations with hybrid cloud/on-premises architectures.
• Proven track record implementing secure SDLC programs and DevSecOps practices in fast-paced product environments.
• Background supporting sales and customer-facing teams through security evaluations and contract negotiations.
• Experience with unified communications platforms, VoIP systems, or similar real-time communication technologies (nice to have).
• Experience contributing to AI governance policies and responsible AI frameworks.
• Background in securing multi-tenant SaaS platforms and customer-deployed enterprise software.
Technical Expertise
• Deep understanding of application security principles, secure coding practices, and common vulnerability classes (OWASP Top 10, SANS Top 25).
• Expertise in security testing tools and methodologies (SAST, DAST, IAST, SCA, penetration testing).
• Deep understanding of cloud security architectures (AWS, Azure, GCP).
• Expertise in network security, identity and access management, and data protection.
• Knowledge of secure software development practices and DevSecOps methodologies.
• Familiarity with telecommunications security standards and unified communications protocols.
• Understanding of zero-trust architectures and modern security frameworks.
Leadership and Communication
• Exceptional ability to communicate complex security concepts to technical and non-technical stakeholders.
• Experience presenting to executives and external auditors.
• Proven ability to influence and drive security initiatives across diverse teams.
• Track record of building collaborative relationships with engineering and product organizations.
Preferred Qualifications
• Advanced degree in Computer Science, Information Security, or related field.
• Professional certifications such as CISSP, CISM, or CRISC.
• Experience with privacy regulations including GDPR, CCPA, and HIPAA.
• Background in telecommunications or unified communications industry.
• Experience with FedRAMP or other government compliance frameworks.
• Knowledge of container security and microservices architectures.