Position Summary:

The Global Director, Security Services is responsible for leading and executing all security engineering efforts across GPC. This role focuses on comprehensive application security, covering both custom-developed and third-party SaaS/Packaged software, with oversight spanning over 1,000 applications and microservices globally. This position ensures that security standards and controls are embedded throughout the Software Development Lifecycle (SDLC) for every project within the company’s global IT portfolio. Additionally, the role functions as a primary security liaison to IT leadership, providing visibility into security performance and supporting IT Vice Presidents and Business Unit CIOs in managing risk. This position reports to the CISO and oversees a cross-functional, globally distributed team of engineers and specialists across North America, Europe, and Australasia.

Key Responsibilities:

Security Architecture and Engineering:

• Oversee and implement security requirements across all global IT portfolio items, including security requirements engineering, architecture reviews, penetration testing, software composition analysis, and code reviews.
• Define, promote, and oversee the adoption of pre-approved security blueprints within IT teams to streamline secure application implementation.
• Ensure application security through vulnerability reporting, secure coding practices, and collaboration with application development teams.
• Leveraging global SMEs across GRC, Cyber Defense and IAM functions to drive secure by design technology implementation.
• Support teams in securing infrastructure requirements as part of project security coordination.

Product/Application Security Ownership:

• Direct security practices for a global portfolio of over 1,000 applications and 500+ projects per year, including approximately 50% custom-developed solutions.
• Own and manage security technology stack required to deliver secure software, including but not limited to Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Security Posture Management (ASPM), and other related tools.
• Maintain and enforce security controls across the SDLC, conducting third-party security reviews, providing architectural guidance, and ensuring secure implementation practices.

Executive Communication and Risk Visibility:

• Develop and present executive-level security reports, providing insights into project-level security postures and highlighting any critical vulnerabilities.
• Assume full responsibility for all Cyber Executive Communication, up to C-Suire and Full Board Updates o Educate and inform IT Vice Presidents and Business Unit CIOs on security issues within their projects, driving the closure of identified vulnerabilities and assessment findings.

Global Team Leadership and Organizational Structure:

• Lead a team structured into three primary functions: Product Security, Engineering & Software Security, and Security Coordination & Champions Management with resources spread across North America, Europe, India and Australasia
• Manage a specialized team responsible for security technology enablement and governance, including SAST, DAST, ASPM, and GenAI security frameworks.

Budget and Resource Ownership:

• Exercise full budgetary responsibility for project-based security resourcing and tool allocations, ensuring optimal use of security resources across the global portfolio.

Compliance and Standards Enforcement:

• Assume full responsibility for Payments Security, incl. P2PE certification o Act as a conduit between project teams and the global GRC Team, ensuring alignment with PCI-DSS and privacy regulations.
• Identify compliance controls required within projects, enforce standards, and oversee their integration during the build process to mitigate risk proactively.

Key Stakeholder and Project Coordination:

• Serve as the single point of contact (SPOC) for project-level security support, overseeing security standards within projects to ensure alignment with enterprise security policies.
• Collaborate globally with stakeholders across North America, Europe, and Australasia to address region-specific security challenges and ensure cohesive security practices.

Key Performance Indicators (KPIs):

Secure Configuration: Zero vulnerabilities reach production environments, with a focus on proactive mitigation and ensuring all enterprise controls are properly implemented.

Security Efficiency: Achieve a “first-time pass” rate on security reviews, minimizing unplanned security work and optimizing development cycles.

Compliance Adherence: Ensure newly implemented technology maintains compliance with regulatory standards (PCI-DSS, privacy regulations) and internal policies, ensuring security controls meet audit requirements