Head of Application Security
About the role
Apex is seeking a Head of Application Security to lead and mature its global Application Security capability. This is a senior leadership position responsible for defining strategy, setting standards, and driving execution across key domains: Application Security, DevSecOps, AI Security, and Cloud-Native Application Security Engineering. As Apex's senior authority for secure software and platform delivery, you will ensure that security is embedded by design throughout the technology lifecycle, enabling engineering teams to innovate rapidly and safely while maintaining compliance with regulatory and business requirements.

Key Responsibilities
- Define and own the global Application Security strategy aligned to Apex's cyber risk posture and regulatory obligations.
- Ensure developers meet KPIs and business deliverables.
- Ensure developers keep up with emerging threats and technologies.
- Lead and develop multiple security engineering teams across Application Security, DevSecOps, AI & Data Security, and Cloud & Infrastructure Developer Platform Security.
- Serve as the senior security authority for application, platform, and DevSecOps-related design and engineering decisions.
- Ensure security controls are documented and embedded throughout the software development lifecycle (SDLC) and CI/CD pipelines.
- Oversee application threat modelling, secure design reviews, and architecture risk assessments.
- Drive adoption of secure coding standards, automated security testing (SAST, DAST, SCA), and secrets management.
- Provide oversight on cloud-native and infrastructure security patterns in hybrid and multi-cloud environments.
- Define security guardrails for AI-enabled applications, data pipelines, and emerging technologies.
- Partner with Architecture, Engineering, Cloud, and Platform teams to deliver secure-by-default solutions.
- Translate security policies and standards into practical, consumable engineering guidance.
- Communicate application and platform risk to senior leadership and governance forums.
- Support audit, regulatory, penetration testing and assurance activities related to application and platform security.
- Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
- Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

Areas of Specialization
- Application Security: Secure software architecture, threat modeling, secure design reviews, vulnerability management, and secure coding practices.
- DevSecOps: CI/CD pipeline security, automation of security controls, integration of security tooling, and developer enablement.
- Cloud & Infrastructure Security: Secure cloud-native architectures, infrastructure-as-code security, and platform hardening across hybrid and multi-cloud environments.
- AI Security: Security and governance controls for AI-enabled applications, data pipelines, and emerging technologies.

Required Experience & Skills
- Experience:
  o 10+ years in cybersecurity, software engineering, or platform engineering roles.
  o 8+ years in senior management positions within security engineering, architecture, or similar leadership roles, with proven accountability for strategy, team leadership and delivery of enterprise-scale security programs.
- Technical Expertise:
  o Strong hands-on understanding of application security architecture, threat modeling, and DevSecOps practices.
  o Proven experience in securing microservices architecture and API ecosystems.
  o Knowledge of GitLab, GitHub and API security and integrations.
  o Experience securing applications and platforms in cloud environments (Azure, AWS and OCI).
  o Deep knowledge of security principles, secure design patterns, and defense-in-depth strategies.
- Knowledge of Standards:
  o Familiarity w