The incumbent will manage team members in SG/Cyber Technology Centre (Malaysia)/Batam Technology Centre (Indonesia) and will be responsible for defining and overseeing the organization’s application security architecture, ensuring alignment with target architectures and modern development practices.
WHAT YOU’LL BE DOING:
1. Strategic Oversight of Security Architecture
- Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.
- Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.
- Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.
2. CI/CD Pipeline Security
- Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.
3. Secure Software Development Lifecycle (SDLC)
- Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.
- Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.
- Work with application teams to prioritize security requirements, balancing business objectives with technical risks.
4. Vulnerability Management and Mitigation
- Oversee the overall strategy for SAST and DAST to identify and remediate vulnerabilities.
- Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.
- Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.
5. Cross-Functional Collaboration
- Partner with application teams to align security architecture with business needs and project timelines.
- Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.
WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:
- Bachelor’s degree in Computer Science, Information Security, or a related field. A Master’s degree would be an added advantage.
- Information Systems Security professional certifications, such as CISSP, CSSLP, CEH, OSCP or CREST.
- At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.
- Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.
- Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.
- Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.
- A team player with a systematic problem-solving approach and a sense of ownership and drive.
- Must have strong people skills to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.
- Excellent interpersonal skills and stakeholder management.
- Always has the customer in mind when dealing with any situations/projects/deliverables.
- Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.
- Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.
- Good communication skills; the incumbent’s communication network is expected to be internal within the enterprise (80%) and external with vendors and service providers (20%).