Grant Thornton (US)

Product & Application Security - Associate Director

Grant Thornton (US)  •  Dublin, IE (Onsite)  •  2 months ago

Job Description

Associate Director — Product & Application Security (EMEA)

Role Purpose

Lead and scale the Product & Application Security program for our products portfolio across EMEA. Own secure-by-design practices from architecture and threat modeling through DevSecOps in CI/CD, vulnerability management, and coordinated disclosure—enabling developer velocity without compromising risk posture. Align to our System Development & Application Security standards and reference patterns.

Key Outcomes

  • Establish EMEA-fit Secure SDLC guardrails (requirements → release gating) and publish reference architectures for authentication/authorization, secrets, cryptography, logging, and privacy.

  • Embed DevSecOps controls in pipelines (SAST, SCA, secret scanning, IaC/K8s policy-as-code, SBOM generation, artifact signing and provenance) with measurable pass/fail criteria.

  • Stand up product vulnerability management with SLA tiers, risk-based triage, and executive reporting.

  • Launch an EMEA secure coding enablement track and developer champions program.

  • Demonstrate compliance readiness for GDPR/NIS2 and AI-related controls applicable to product features.

Responsibilities

  • Own AppSec architecture and threat modeling for high-risk services; review designs and third-party components.

  • Define and enforce pipeline security controls; partner with Engineering to shift-left testing and automate gates.

  • Govern SBOM standards and software supply-chain risk (open-source hygiene, provenance, signing).

  • Lead vulnerability management and remediation orchestration across squads; partner with SRE for runtime hardening.

  • Chair the Product Security Review Board for go-live exceptions and risk acceptance.

  • Collaborate with Privacy/Legal on data protection by design; align with GRC on policy and control mapping.

  • Mentor an EMEA AppSec team; provide matrix leadership across GDC and product squads.

Required Qualifications

  • 10+ years in Application/Product Security; 3+ years leading programs at scale.

  • Expertise with OWASP ASVS, threat modeling (STRIDE/ATT&CK), API security, and cloud-native architectures (Azure/AWS).

  • Hands-on with SAST/SCA/DAST, IaC/K8s policy (e.g., OPA), container scanning, and SBOM tooling.

  • Proven stakeholder management with Engineering, Product, and Platform teams.

  • Relevant certifications such as CSSLP, CISSP, or CISM (preferred).

Preferred Qualifications

  • Experience with AI/ML product risks (prompt injection, model supply chain, dataset governance).

  • Familiarity with GDPR, NIS2, and secure disclosure practices.

Key Performance Indicators (KPIs)

  • Builds passing security gates (%).

  • MTTR for critical vulnerabilities.

  • Coverage of threat models and reference patterns.

  • SBOM completeness and policy adherence.

  • Exception trend and closure rate.


We are Grant Thornton
Grant Thornton Ireland is rapidly approaching 3,000 people, in 9 offices across Ireland, Isle of Man, Gibraltar and Bermuda. With a presence in over 149 countries around the world and a global network of 73,000 people, we bring our clients the local knowledge, national expertise and global presence to help them succeed – wherever they’re located.

At GT, we work as trusted advisors, bringing local knowledge and national expertise, with a global presence, to help businesses succeed – wherever they are located. We make business more personal by investing in building relationships and empowering our clients to make the right decisions for their organisation now and for the future. Whether that is working with the public sector to build thriving communities, with regulators and financial institutions to build trust, or with a diverse range of businesses to help them achieve their goals, Grant Thornton Ireland work hard to support clients to act on the issues that matter.

At GT Ireland we don’t just predict your future, we build it
A Career at GT
Looking for a more fulfilling role in professional services? One where fresh thinking, collaboration and diversity are valued? At Grant Thornton we do things differently.

What does this mean for you?
A career in a more inclusive working environment, a more collaborative work culture, a more supported, flexible working role, more possibilities to grow and more opportunities to help shape the future for your clients. We respect and value your experience. And we want you to bring your authentic self to work and be at your best. It is how it should be.

Grow with us
At Grant Thornton, we care about our people and work hard to make you feel valued. If you are looking to deepen and develop your skills, knowledge, and experience throughout your career, then that is what you will get, and more.
Our Benefits
Please follow this link for information on our generous benefits package.


About Grant Thornton (US)

Forget what you think you know about professional services. We go beyond what’s expected and help others do the same.

Grant Thornton is the brand name for Grant Thornton LLP and Grant Thornton Advisors LLC, the U.S. member firms of Grant Thornton International Ltd, one of the world’s leading independent audit & assurance, tax and advisory firms. That means our network has more than 73,000 professionals in more than 146 countries who are ready to help public and private organizations of all sizes take on today’s challenges. But what sets us apart isn’t just what we do – it’s how we do it. Here, we believe in making business more personal and building trust into every result. We’re collaborators – obsessed with quality and ready for anything – who understand the value of strong relationships. It’s how we challenge the expectations of business and empower our people and clients to do it, too.

One thing we won’t do? Grant Thornton will never request money or any form of payment for services via social media. Please report any concerns at 1-800-810-3503.

Grant Thornton International Limited (GTIL) and the member firms, including Grant Thornton LLP and Grant Thornton Advisors LLC, are not a worldwide partnership. Services are delivered by the member firms. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. Please see www.grantthornton.com for further details.

Industry: Accounting & Tax
Company Size: 10,000+ employees
Headquarters: Chicago, IL
Year Founded: 1924