Associate Director, Application Security

Roles & Responsibilities

The incumbent will be managing team members in SG/Cyber Technology Centre (Malaysia)/Batam Technology Centre (Indonesia) and responsible for defining and overseeing the organization's application security architecture, ensuring alignment with target architectures and modern development practices.

WHAT YOU'LL BE DOING:

1. Strategic Oversight of Security Architecture

• Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.
• Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.
• Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.

2. CI/CD Pipeline Security

• Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.

3. Secure Software Development Lifecycle (SDLC)

• Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.
• Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.
• Work with application teams to prioritize security requirements, balancing business objectives with technical risks.

4. Vulnerability Management and Mitigation

• Oversee the overall strategy for SAST, DAST, to identifying and remediating vulnerabilities.
• Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.
• Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.

5. Cross-Functional Collaboration

• Partner with application teams to align security architecture with business needs and project timelines.
• Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.

WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:

• Bachelor's degree of computer science, Information Security, or a related field. A Master's degree would be an added advantage.
• Information Systems Security professional certifications, such as CISSP, CSSLP, CEH, OSCP or CREST.
• At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.
• Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.
• Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.
• Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.
• A team-player with systematic problem-solving approach, and have sense of ownership and drive.
• Must have strong people skill to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.
• Excellent interpersonal skills and stakeholders management.
• Always have customer in mind when dealing with any situations/projects/deliverables.
• Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.
• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.
• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

Tell employers what skills you have

Information Security
Security Architecture
CEH
Remediation
Application Security
Pipelines
Vulnerability Management
Interpersonal Skills
Architectural
Agile
SDLC
Security Strategy
Enterprise Architecture
Application Security Architecture
Software Development
CISSP

---