Senior Director , Cyber Security Enablement & Secure DevOps

Overview

Senior Director, Cyber Security Enablement & Secure Dev Ops leads a global team responsible for developing, implementing, and maturing a broad set of specialized areas within cyber security including Application Security, Sec Dev Ops , Security Engineering, Cloud Security, and Vulnerability Detection and Assessment. Key responsibilities include leading the implementation of security within the software development and IT build lifecycle, focusing on integrating security into CI/CD pipelines, collaborating with development and operations teams to foster a culture of security and enhance security posture, overseeing the deployment and execution of enterprise security controls, determining risk and exposure of security gaps and providing guidance to key stakeholders.

Responsibilities

• Build, oversee, and maintain an enterprise Secure Dev Ops program aligned with business, technology, and security goals, embedding security into the software development lifecycle and enabling secure and resilient development of applications and infrastructure

• Build, oversee, and maintain the Cyber Enablement organization that provides hands-on security execution, security risk management, governance and compliance services for Global Payments entities (business units)

• Design and implement processes to embed security into every stage of the software development lifecycle (SDLC) and CI/CD pipelines

• Drive and lead the automation of security processes and controls, testing (SAST, DAST, etc.), and compliance checks to make security efficient and consistent

• Identify, evaluate, and mitigate security risks and vulnerabilities in applications and infrastructure

• Support security incident response activities from detection to resolution, including post-incident analysis and lessons learned

• Foster a strong security culture by working closely with development and operations teams, providing guidance on secure coding practices, design principles, and sound controls

• Develop and maintain metrics to monitor and report on the effectiveness of security controls, processes, and measure the performance of the program

• Build and prepare updates and/or reports to advise senior leadership on security posture, issues and risks, and overall state of the program

• Ensure compliance with regulatory requirements, industry standards, and best practices, such as NIST, PCI, and SOC

• Retain deep expertise in safeguarding sensitive data, systems, and networks against ever-evolving cyber threats and collaborate closely with executive leadership, IT teams, and other stakeholders to ensure the confidentiality, integrity, and availability of information assets

• Stay updated on emerging threats, vulnerabilities, and industry trends, and proactively recommend and implement appropriate security measures

• Build and manage an operating model that promotes employee growth and accountability, effective delivery of security and processes that support the vision, mission, strategy and values of the Cyber Security, Technology Services and Global Payments Enterprise

• Communicate with all levels of management on security risks, effectiveness, and needs of the program

• Build and maintain strong relationships with key stakeholders, establishing a culture of engagement

• Demonstrate principled leadership, sound business ethics and consistency among principles, values and behavior

• Not an exhaustive list; other duties as assigned

Qualifications

• Bachelor's degree in Computer Science, Information Systems, or a related field; or over 15+ years of industry experience in related roles

• 10+ years of progressive experience in enterprise information security, with a focus on financial organizations and global operations

• Proven experience in leadership roles

• Deep understanding of the software development lifecycle and CI/CD practices

• Expertise in security tools for static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and more

• Strong knowledge of cloud security (AWS, Azure, GCP) and infrastructure as code (IaC)

• Experience with container security technologies like Kubernetes

• Strong understanding of security frameworks and…