At Access we love software and how technology never stays the same. It's this obsession that drives us to work closely across sectors to understand the business needs of our customers - from professional services to manufacturing to not for profits and more. We're passionate about helping our customers stay one step ahead of the challenges facing their industry and business. That's why over 1 million users and over 10,000 organisations rely on Access software to help their organisation thrive. Our recruitment and onboarding software delivers a seamless, no-nonsense experience that gets candidates in the door faster. Fully compliant and designed to cut through the red tape, it ensures every new employee’s journey starts on the right foot. We offer a flexible, hybrid working environment where you can balance work and life while maintaining a strong office team-based culture. We deliver on what we say, taking the development of our people seriously. We’ll work with you to progress your success plan and provide opportunities to accelerate your career. Position Summary: We are seeking a highly skilled and dynamic Director of Product Security to lead and shape the security strategy for our products across multiple environments. You must have a strong technical background with hands-on experience in Product Security disciplines and associated technologies. You will be responsible for driving the secure development lifecycle (SDLC) with an emphasis on automation, and ensuring that security measures align with best practices for cloud, infrastructure, and product engineering. The ideal candidate will have a strong foundation in traditional data centre infrastructures and be well-versed in modern cloud and DevSecOps technologies. The role requires a combination of technical knowledge, leadership, and the ability to partner with other teams to ensure security is deeply integrated into the product development process at all levels. Key accountabilities and responsibilities: • Lead the Product Security team, focusing on building and scaling security practices across the organisation. • Oversee and enhance the Secure Software Development Lifecycle (SSDLC), ensuring that security is embedded in every stage of the development process. • Drive the implementation and integration of tooling such as SCA (Software Composition Analysis), SAST (Static Application Security Testing), CSPM (Cloud Security Posture Management), Infrastructure Vulnerability Scanning tools, and ASPM (Application Security Posture Management). • Implement and optimise security practices such as scaling the defining of Security Requirements and Threat Modelling to proactively identify and prevent potential risks. • Develop and enforce security standards and policies for both traditional data centre infrastructure and cloud environments (AWS, Azure). • Collaborate closely with Product Engineering, DevOps, and Cloud Engineering teams to ensure security is integrated into development and operation phases. • Ensure that KPIs are tracked and met and report on these regularly to senior management and the Board. • Oversee Product Security team budgets. • Oversee Access Groups Penetration Testing programme. • Assess and manage security risks across the entire product lifecycle, providing actionable insights and recommendations for improvements as well as using these to define and adjust future strategies. • Ensure regulatory compliance and adherence to security best practices (GDPR, ISO27001, SOC2, PCI DSS, OWASP). • Mentor and develop team members, fostering a culture of security awareness and continuous improvement. Key performance indicators: • Security Tool Adoption & Integration / Automation Coverage. • Compliance Adherence for in-scope Products. • Employee Training & Awareness through a Product Engineer training view. • Security Posture Improvement & Security Technical Debt Reduction. • Team Performance & Development. Skills, knowledge, experience & qualifications: • 5+ years of experience in a technical leadership role within security, with a strong background in DevSecOps / Application Security. • Proven hands-on experience with tools security tooling such as SCA, SAST, CSPM etc. • Solid understanding of traditional data centre infrastructure, as well as experience with modern cloud technologies (AWS, Azure). • Deep knowledge of OWASP and expertise in Threat Modelling and risk assessment techniques. • Deep understanding of what constitutes a Secure Software Development Lifecycle (SSDLC) and how to implement this in a pragmatic way within agile environments. • Strong technical knowledge of security vulnerabilities, secure coding practices, and techniques to mitigate SaaS related risks. • Ability to manage cross-functional teams, influence stakeholders, and drive security initiatives in a collaborative manner. • Strong communication and interpersonal skills to interact with both technical and non-technical teams. • Familiarity with industry standards and frameworks, including OWASP, NIST, ISO 27001, and CIS. • A comprehensive understanding of deploying tools such as Armorcode, Mend, SonarQube and Prisma Cloud • Excellent communication and interpersonal skills, with the ability to build rapport and influence stakeholders at all levels of the organisation. • Analytical mindset with the ability to interpret data and metrics to measure security programme effectiveness to inform decision-making. • Experience working in a fast-paced, dynamic environment with the agility to adapt to changing business needs. What does Access offer you? We are a growing software company and we deliver on what we say we do! We take the development of our people very seriously! We will work with you to carve out your success plan and an opportunity to accelerate your career and make a real difference. • Healthy, friendly, and inclusive culture • Work - life balance • Hybrid/Remote working • Flexible working hours • Competitive salary package • Great Holiday Package (starting from 25) • Charity day – day off paid by the company for volunteering activities • Private Healthcare & Life Insurance • Sport Allowance • Meal tickets • Referral Bonus • Christmas Bonus • Big Break – all-inclusive holiday paid by the company • Other benefits At Access we’re all about helping everyone Love Work, Love Life and Be you. Why? Because we believe people can only be their best when they can be themselves. So, if you are excited about this role, but your past experience doesn’t match perfectly, we’d still love to hear from you. You might just be who we are looking for. We love the fact that we’re all different. We believe by having more diverse perspectives at work improves how we run our business, helps us to better support our customers, and when you think about it, it’s just more fun! What’s holding you back? Come and be part of our Amazing Access Family! Love Work. Love Life. Be You.