Director of Product Security

The ExecutiveDirector ofProduct SecurityatCandescentwill lead the strategic direction, development, and execution of the enterprise-wideproduct andapplication security program with specialized focus onCandescent’sSaaS products serving regulatedenterprises.

This roleis responsible forembedding security into the software development lifecycle (SDLC) and AI development lifecycle (AIDLC), partnering with engineering, product data science, AI/ML engineering, and infrastructure teams to ensure securesoftwaredesign, development, and deployment ofCandescentapplications. The ideal candidate will be a visionary leader with deep technical expertise insecuringsoftwaredevelopmentlifecycles,shift-leftsecurity,AI/MLapplicationsecurity, strong business acumen, regulatory complianceawareness, and a proven track record of building and scaling secure development practices in complex Saas and AI-driven environments.

Key Responsibilities and Deliverables

Strategic Leadership

• Define and drive theproduct,application and AI/ML security strategy aligned withCandescent’sbusiness and riskobjectivesfor regulatedenterprise clients.

• Lead the development and execution of secure SDLC and AI development lifecycle (AIDLC) practices across all engineering and data science teams.

• Serve as a trusted advisor to senior leadership on application security risks, AI/ML security risks,platform security,model governance, trends, and mitigation strategies.

• Participate in the establishment ofAI security governance frameworks that meet regulatory requirements (EU AI Act, NIST AI RMF, ISO 42001).

• Develop security strategies for supply chain, third-party integrations, LLM/GenAI implementations, and SBOMgeneration(Software Bill ofMaterials).

Program Development & Execution

• Build and mature the application security program, including threat modeling, secure coding, code reviews, and security testing across traditional applications and AI/ML systems.

• Develop andmaintainsecurity standards, policies, and guidelines forsecureapplication development, secure coderepository controls,andassociatedAI modelintegration.

• Oversee the integration of security tools (SAST, DAST, SCA, IAST, RASP) and AI security tools (model scanning, adversarial testing, data poisoning detection, model monitoring) into CI/CD and ML pipelines.

• Implementindustry leadingDevSecOpspractices and secure AI pipeline architectures.

• Establish data governance and privacy controls fordevelopment andtraining data, includingsensitivedatahandling and data lineage tracking.

Collaboration & Enablement

• Partner withInformation Security,DevOps, Engineering, Data Science, ML Engineering, and Product teams to ensure security is embedded early and continuously.

• Lead security champions programsfordeveloper and data scientist training initiatives to foster a security-first culture with securityawareness.

• Collaborate with GRC, Risk, and Compliance teams to ensure regulatory and policy alignment specific to regulations and industry-specific requirementsthat apply to product and application development(HIPAA, SOC 2, GDPR, CCPA,AI,etc....).

• Work closely with customer-facing teams to address clientproductsecurity requirements and regulatory audit needs.

• Partner with legal and compliance teams onrelevantproduct security andAIcompliance.

Risk Management & Incident Response

• Identifyand prioritize application and AI security risks through assessments, penetrationtesting, redteamingand threat intelligence.

• Conduct specific risk assessments including adversarial attacks,threatmodeling, prompt injection, data exfiltration risks, etc.

• Lead response efforts for application-related and AI security incidents and vulnerabilities.

• Provide executive-level reporting on application and AI security posture, KPIs, and risk metrics with regulatory reporting capabilities.

• Participate inthird-party vendor security assessments and AI supply chain riskwhen.

Qualifications and Experience

• Bachelor’s degree in computer science, Information Technology, or equivalent

• 10+ years of experience incloud-firstsoftware developmentenvironmentswith aninformation securityfocus, with at least 5 years inproductsecurity leadership roles.

• Deep understanding of modern application architectures (e.g.microservices, containers, APIs, cloud-native) and AI architectures.

• Hands-on experience with secure coding practices, threat modeling, and vulnerability management including AIspecific threat modeling.

• Proficiencywith security tools such as SAST, DAST, SCA, and container security platforms plus AI security tools.

• Strong knowledge of OWASP Top 10, OWASP ML Top 10, OWASP LLM Top 10, CWE, CVE, and secure development frameworks.

• Experience working in Agile/DevOps environments and integrating security into CI/CD and ML pipelines.

• Proven ability to lead cross-functional teams and influence at all levels of the organization.

• Deep understanding of regulatory compliance requirements for SaaS products serving highly regulated industries.

Preferred Distinctions

• Advanced degree in Computer Science, Cybersecurity, or related field.

• Relevant industry certifications,and/orsecuritycertificationsas a plus.

• Experience with cloud security (AWS, Azure, GCP) and infrastructure-as-code security.