Head of Product Security

Company Description

Conferma is a global payment technology company who combine innovation and expertise to push the boundaries of what can be achieved in the world of virtual payments. We were created in 2005 and were more recently acquired by Sabre, with additional investment from Mastercard. Over the past decade, the Conferma ecosystem has grown, enabling us to become the worlds largest payments platform for virtual cards

Weve engineered connectivity to over 80 of the worlds best commercial card partners, over 400 travel management companies and over 150 travel technology partners. Every day, our team members work together to make it easier for travellers to connect with people and places. Our teams include passionate people dedicated to providing an environment that encourages partnership, a place where you feel like you belong, and where you are empowered to succeed. We look forward to having you join our journey and seeing how far we can go, together!

Position

Head of Product Security at Conferma is responsible for:

The Head of Product Security is responsible for leading and managing the product security program to ensure the security and integrity of all software applications. This role involves developing and implementing security strategies, policies, and procedures to protect the organisations applications from threats and vulnerabilities. The ideal candidate will have a strong background in application security, excellent leadership skills, and the ability to work collaboratively with various teams. The Head of Product Security will work with the Director of Security (CISO) to develop and implement the Security Product strategy.

Key Responsibilities:

Leadership and Strategy:

• Lead and mentor the product security team, fostering a culture of security excellence.
• Develop and implement the product security strategy in alignment with organisational goals.
• Provide strategic oversight and direction for all product security initiatives.
• Stakeholder Management:
• Own the relationship with product security vendors and ensure all findings are reviewed and appropriate actions are taken.
• Work closely with development teams, product managers (PM), and third-party groups to ensure that Conferma products are secure.
• Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC)
• Support and consult with product and development teams in the area of application security, including threat modelling and application security reviews.
• Prepare and present regular reports on the status of the Conferma product security to senior management.

Vulnerability Management:

• Oversee vulnerability management assurance and ensure that teams are remediating vulnerabilities.
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Lead efforts to remediate any identified vulnerabilities from pen testing engagements.

Reporting and Compliance:

• Report to Governance, Risk, and Compliance (GRC) on all metrics required, as defined by our Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
• Ensure compliance with relevant security standards and regulations.

Security Controls:

• Own and manage controls such as continuous penetration testing & SAST tooling for all Conferma applications.
• Continuously evaluate and improve security controls to address emerging threats for the Conferma applications.
• Assist in development of security processes and automated tooling that prevent security miss-configuration and issues
  

Requirements

You have:

• Proficiency with security tools such as Veracode and other application vulnerability assessment tools.
• Strong understanding of DevSecOps process, Azure DevOPs experience would be advantageous.
• Experience with security controls to adhere to PCI DSS requirements
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Able to work well with software development teams
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
  

You have:

• Visionary with a strategic mindset.
• Familiarity with secure coding practices and frameworks.
• Proactive and able to foster collaboration between departments.
• Strong interpersonal and leadership skills.
• 5 years+ of experience in application/product security field.

Other information

Compensation

Salary and Bonus dependent on Location, experience, and skills

Benefits at Conferma

At Conferma we understand that our people are what make us great. We have set out to provide a comprehensive benefits package that includes everything you would expect as well as providing flexibility for you and your family.

Flexible Paid Time Off

33 days paid annual leave (including bank holidays) and the ability to purchase up to 10 more days holiday each year. Time off for life events and such as moving house or getting married. An additional days leave on or around your birthday.

You and Your Family

Enhanced paid parental leave available for the birth of each child. Single cover private medical scheme with the option to add family members (after probation period). A confidential Employee Assistance program (EAP) available to all 24/7. Access a range of fantastic rewards (such as Cycle2Work, Gym Membership, Tech Scheme and discounted shopping and Cinema) via Conferma Rewards.

Diversity Equity and Inclusion

We are committed to ensuring equal opportunity for all. We intend that no job applicant or employee shall receive less favourable treatment, nor be disadvantaged by any conditions or requirements which are irrelevant.

ADZN1_UKTJ