Senior Director - SaaS, Cloud & Product Security

Set strategy & operating model: Define and execute a multi-year product/security strategy and roadmap across AI, SaaS, cloud, and product lines; establish a durable operating rhythm. Lead the function: Operate, scale, and lead a product security organization (e.g., security architects, product security engineers, security champions enablement, AppSec tooling/program roles), including hiring, coaching, and performance management Engage directly with customers to support sales cycles: Join customer and prospect calls to speak as the security SME, helping close deals by building trust and addressing concerns while also participating in RFP/RFI responses where product security expertise is needed. Embed security into the SDLC/DevSecOps: Ensure security is integrated into agile delivery through developer security training, design/architecture reviews, threat modeling, security user stories, automated security testing, penetration testing, and audit readiness. Review contracts for security and compliance requirements: Evaluate customer agreements, security addendums, DPAs, and vendor contracts for alignment with internal capabilities and risk thresholds. Partner with Legal, Sales, and GRC to ensure commitments are feasible, enforceable, and do not introduce undue operational or compliance risk. Architecture & design influence: Serve as a senior security advisor to engineering leadership; drive secure-by-design decisions for multi-tenant SaaS, APIs, identity, encryption, secrets, logging/monitoring, and tenant isolation. Secure SDLC governance & standards: Own or co-own secure development policies/standards, release security criteria, and “definition of done” expectations (e.g., required SAST/DAST/SCA gates; pre-release validation). Supply chain & third-party security: Define requirements for OSS and third-party components, including provenance, vulnerability monitoring, and secure acquisition/maintenance practices. Metrics & continuous improvement: Establish measurable outcomes and reporting frameworks to track program effectiveness (risk reduction, coverage, remediation speed, escaped defects, incident trends) and guide investment decisions. Cross-functional partnership: Partner with product engineering groups as trusted security counterparts across architecture, design, deployment, and runtime operations; influence backlogs and roadmaps without slowing delivery. Customer & regulatory assurance: Support customer security reviews, attestations, and compliance-driven requirements by translating expectations into practical engineering controls and evidence. AI-first approach to securing SaaS and cloud-native architectures (multi-tenancy, microservices, containers/Kubernetes, service meshes, CI/CD, infrastructure-as-code). Strong application & product security fundamentals (secure design, threat modeling, secure coding patterns, API security, authn/authz, cryptography, secrets management). Fluency with secure development frameworks and maturity models (e.g., NIST SSDF practice groups and outcomes; metrics-driven improvement). Strong stakeholder influence at senior levels—able to navigate ambiguity and drive alignment across Product, Engineering, Platform/SRE, and Compliance. 10+ years in security engineering and/or product security, with significant experience in cloud and SaaS environments. 5+ years leading managers and/or multiple teams, scaling security programs across multiple products or business units. Demonstrated success embedding security into engineering workflows (agile/DevOps) and improving release quality through automated testing and standard gates. Track record partnering with engineering leadership to influence architecture/roadmaps and drive remediation accountability. Experience supporting customer assurance and compliance obligations tied to secure development expectations (SSDF-aligned language helpful). Bachelor's degree in Computer Science, Engineering, or equivalent practical experience. Proven people leadership experience building and scaling security teams.