VP – Product and Engineering Security

Company: GeoComply
Location: Vancouver, BC, Canada
Salary: $247000 – $400000
Type: Full-Time
Degrees: Bachelor’s, Master’s
Experience Level: Senior, Expert or higher

Requirements

  • A Bachelor’s or Master’s degree in Computer Science, Information Security, Software Engineering, or a closely related technical field, or equivalent demonstrable experience, and a strong portfolio showcasing significant achievements in application and product security leadership.
  • Relevant industry certifications such as CISSP, CSSLP, OSCP, CEH, or cloud security certifications are highly desirable.
  • Extensive experience leading and building security programs that are deeply integrated with the software development lifecycle (SDLC) and cloud-native applications.
  • Possesses a strong engineering mindset, capable of earning the trust and respect of software and infrastructure engineers, acting as a trusted advisor and engaging proactively and effectively on technical security matters.
  • Track record as a Security Leader or equivalent leadership role within a fast-paced, high-growth technology environment, ideally in gaming and/or financial services, and in highly regulated industries.
  • Demonstrates a deep understanding of common application vulnerabilities (OWASP Top 10, etc.) and effective mitigation strategies.
  • Comprehensive understanding of risk management and compliance frameworks such as ISO 27001 and SOC 2, with a practical understanding of their application to software development and deployment.
  • Outstanding communication skills, with the ability to engage effectively with executive leadership, board members, customers, regulators, and other external stakeholders, as well as internal employees, team members, and peers.

Responsibilities

  • Define and champion a global security vision that prioritizes secure development practices, application security, and infrastructure protection, aligning these initiatives with GeoComply’s business objectives and growth strategy.
  • Own the comprehensive security roadmap, specifically focusing on integrating security into the SDLC and ensuring the resilience of our products and platforms against evolving threats.
  • Partner closely with engineering and product leadership to embed security by design principles and influence key technical decisions, ensuring cybersecurity is a fundamental aspect of our innovation and future planning, including our IPO preparations.
  • Establish a risk-based security framework that protects the company’s critical infrastructure, data, and products while adapting to regulatory requirements and industry standards.
  • Champion regulatory compliance efforts by leading key initiatives such as ISO 27001, SOC 2, and GDPR, ensuring full readiness for audits and certifications, focusing on how these apply to our product offerings.
  • Lead GeoComply’s global risk management program, ensuring proactive identification, assessment, and mitigation of security risks across all facets of the business, including those inherent in our technology and development processes.
  • Lead all aspects of the company’s incident management program and processes, including incident response and breach notification, regulatory communications, and resolution. Partner with internal stakeholders to drive root cause assessment and corrective action.
  • Serve as the primary representative for GeoComply’s security strategy, engaging with board members, investors, regulators, and key industry partners to articulate the company’s overall security posture, including the security architecture and measures embedded within our products and technology.
  • Foster strong relationships with regulatory bodies and law enforcement, ensuring alignment with current and future legal and regulatory landscapes.
  • Represent GeoComply globally, shaping industry standards, influencing cybersecurity policy, and positioning the company as a leader in secure digital transactions and technological innovation.
  • Cultivate a security-first culture by empowering teams across the organization, especially within engineering and product, to prioritize security, providing targeted education on secure coding practices and application security.
  • Lead, mentor, and inspire the global information security team, including application security engineers, developing future leaders, and fostering a culture of innovation, collaboration, and accountability.
  • Shape the organization’s future cybersecurity talent strategy, ensuring the right capabilities are in place to support the company’s ambitious growth and technological advancements, with a strong emphasis on recruiting top-tier technical security expertise.

Preferred Qualifications

  • Relevant industry certifications such as CISSP, CSSLP, OSCP, CEH, or cloud security certifications are highly desirable.