About the RoleWe are seeking an AVP
of Product Security, reporting directly to the Chief Information Security Officer. This leader will drive security into product development. This is a transformation role to scale company wide efforts across our products, and the right leader will bring a mindset that drives the business forward and with scalability at top of mind. You will drive the approach, patterns, and engagement that embed security through design standards, threat modeling, and automated processes.
The AVP of Product Security will own
security architecture and
vulnerability management. Architecture sets the standard at design time, and vulnerability management proves whether it held. This holistic approach means you set the direction and you get the data to steer by, with ownership over the environment.
AI is what makes this the moment. It is moving to the core of what we ship and how we build, and you will define how we secure it, from architecture patterns for models and agents to a vulnerability management program built for threats that did not exist two years ago. This is a chance to build the practice, with executive backing and a company growing fast enough to make it count.
What you will be doing:- Establish secure by design standards and the target state security architecture across product development, covering threat modeling, secure design review, secure SDLC, and vulnerability management.
- Shift security left into product and engineering to reduce risk and cost, so that fewer issues surface late in the release cycle where remediation is most expensive.
- Build a formal vulnerability management program encompassing both traditional vulnerability management and AI. This includes addressing prompt injection, model manipulation and evasion, training data poisoning, model and data exfiltration, insecure model supply chain, and unsafe agentic behavior.
- Enable secure AI adoption across our products and internal systems.
- Define security architecture patterns that drive clarity with the business and enable the right guardrails.
- Own risk based prioritization, remediation SLAs, and executive reporting for enterprise vulnerability management.
- Provide senior technical leadership and create clear, consistent standards across Product, Engineering, and Security.
- Build proactive security leadership and trusted partnerships across Product, Engineering, and Security teams.
- Recruit, develop, and lead a strong team of product security engineers and security architects.
What you will bring to the table:A proven track record across a variety of large, product driven organizations, with a focus on transformation, scale, and partnering with the business.
- 10+ years of information security experience, including 5+ years leading product security, security architecture, and/or vulnerability management functions.
- Proven experience embedding security into the Software Development Lifecycle SDLC at a software or SaaS company, including threat modeling, secure design review, code and dependency scanning, and penetration testing.
- Deep security architecture expertise across cloud native and hybrid environments (Azure preferred).
- Hands on experience implementing AI and ML security controls.
- Experience building or maturing enterprise vulnerability management programs, including risk based prioritization and remediation governance.
- A track record of influencing at the executive level and driving alignment across Product, Engineering, and Security organizations.
- Strong communication skills, with the ability to translate technical risk into clear business terms that enable decisions.
Bonus Points:- Experience securing agentic AI systems or AI enabled products in production.
- Familiarity with identity security, Active Directory, and Entra ID.
- Experience supporting compliance programs such as FedRAMP, SOC 2, ISO 27001, or NIST frameworks.
- Relevant certifications (CISSP, CSSLP, SABSA, TOGAF).
**Semperis maintains office locations in several cities across the globe. Where the job description specifies a required location, candidates will follow our hybrid work model. This includes working up to three days per week and remotely the remaining days.