Head of Application Security

The Role

Apex Group is seeking a Head of Application Security to lead and mature its global Application Security capability. This senior leadership position is responsible for defining strategy, setting standards, and driving execution across key domains:
Application Security, Dev Sec Ops , AI Security, and Cloud‑Native Application Security Engineering.

• Define and own the global Application Security strategy aligned to Apex’s cyber risk posture and regulatory obligations.
• Ensure developers meet KPI’s and business deliverables.
• Ensure developers keep up with emerging threats and technologies.
• Lead and develop multiple security engineering teams across Application Security, Dev Sec Ops , AI & Data Security, and Cloud & Infrastructure Developer Platform Security.
• Serve as the senior security authority for application, platform, and Dev Sec Ops ‑related design and engineering decisions.
• Ensure security controls are documented and embedded throughout the software development lifecycle (SDLC) and CI/CD pipelines.
• Oversee application threat modeling, secure design reviews, and architecture risk assessments.
• Drive adoption of secure coding standards, automated security testing (SAST, DAST, SCA), and secrets management.
• Provide oversight on cloud‑native and infrastructure security patterns in hybrid and multi‑cloud environments.
• Define security guardrails for AI‑enabled applications, data pipelines, and emerging technologies.
• Partner with Architecture, Engineering, Cloud, and Platform teams to deliver secure‑by‑default solutions.
• Translate security policies and standards into practical, consumable engineering guidance.
• Communicate application and platform risk to senior leadership and governance forums.
• Support audit, regulatory, penetration testing and assurance activities related to application and platform security.
• Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
• Support the Group Cyber Strategy end‑to‑end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

• Application Security:
  Secure software architecture, threat modeling, secure design reviews, vulnerability management, and secure coding practices.
• Dev Sec Ops : CI/CD pipeline security, automation of security controls, integration of security tooling, and developer enablement.
• Cloud & Infrastructure Security:
  Secure cloud‑native architectures, infrastructure‑as‑code security, and platform hardening across hybrid and multi‑cloud environments.
• AI Security:
  Security and governance controls for AI‑enabled applications, data pipelines, and emerging technologies.

Experience

• 10+ years in cybersecurity, software engineering, or platform engineering roles.
• 8+ years in senior management positions within security engineering, architecture, or similar leadership roles, with proven accountability for strategy, team leadership, and delivery of enterprise‑scale security programs.

Technical Expertise

• Strong hands‑on understanding of application security architecture, threat modeling, and Dev Sec Ops  practices.
• Proven experience in securing microservices architecture and API ecosystems.
• Knowledge of Git Lab, Git Hub and API security and integrations.
• Experience securing applications and platforms in cloud environments (Azure, AWS and OCI).
• Deep knowledge of security principles, secure design patterns, and defense‑in‑depth strategies.

Knowledge of Standards

• Familiarity with frameworks such as NIST, ISO
  27001, OWASP, SOC1 and SOC
  2.
• Familiarity with Agile, iterative and incremental development models.

Leadership Skills

• Demonstrated ability to lead, mentor, and develop high‑performing security engineering teams across distributed or multi‑location environments.
• Proven track record influencing senior stakeholders and driving security initiatives aligned with business objectives.

Communication Skills

• Ability to articulate technical risks and security recommendations to both technical and non‑technical stakeholders, including executive leadership and governance forums.

• Relevant certifications: CISSP, CCSP, CSSLP, AWS/Azure Security, or similar.
• Exposure to architecture frameworks (SABSA, TOGAF).
• Experience in financial services or highly regulated environments.
• Familiarity with AI security, data protection, and modern platform engineering models.

• Opportunity to shape and lead a critical global security capability.
• Exposure to enterprise‑scale, cloud‑native, and modern engineering environments.
• Collaboration with senior security, architecture, and technology leaders across the organisation.
• A strong focus on team development, ownership, and career growth.