Head of Production Security

CORE PROFILE

The Head of Production Security at Maya Philippines, Inc. is a senior leadership role responsible for defining and executing the company’s application security strategy. This position ensures the security of software applications through robust DevSecOps practices, threat modeling, secure coding, and compliance with regulatory frameworks such as BSP, PCI-DSS, and ISO 27001. Reporting to the CISO or Head of Cybersecurity, the role requires deep expertise in security testing, cloud security, offensive security, and CI/CD security integration. With at least 8 years of experience in application security—3 of which in a leadership role—the ideal candidate possesses strong technical skills, strategic thinking, and the ability to collaborate with development, DevOps, and compliance teams to foster a security-first culture.

NATURE OF WORK

• Develop and execute an application security strategy aligned with business and regulatory requirements.
• Establish security policies, standards, and best practices for application development and deployment.
• Conduct security assessments, threat modeling, and code reviews to identify vulnerabilities.
• Implement and oversee security automation tools such as SAST, DAST, and IAST to enhance secure development.
• Lead and mentor a team of security engineers and analysts to improve security posture.
• Collaborate with development, DevOps, and infrastructure teams to integrate security into CI/CD pipelines (DevSecOps).
• Manage security incident response related to application vulnerabilities and breaches.
• Ensure compliance with regulatory frameworks such as BSP, PCI-DSS, ISO 27001, and NIST standards.
• Engage in security awareness training and promote secure coding practices across teams.
• Stay updated on emerging threats, vulnerabilities, and cybersecurity trends.

DISPLAYED SKILL MASTERY

• Strategic Thinking: Ability to develop and implement long-term security strategies aligned with business goals.
• Technical Expertise: Deep understanding of application security, secure coding, and cybersecurity frameworks.
• Leadership & Team Management: Experience leading security teams and fostering a security-first culture.
• Problem-Solving: Strong analytical skills to identify and mitigate security threats effectively.
• Collaboration: Ability to work closely with cross-functional teams, including Engineering, DevOps, and compliance teams.
• Communication Skills: Ability to articulate security concepts to technical and non-technical stakeholders.
• Adaptability: Stay ahead of evolving security threats and technologies in a fast-paced fintech environment.

EXPECTED RESULTS

• Enhanced Application Security Posture – Ensure all applications are designed, developed, and deployed with strong security controls, reducing vulnerabilities and minimizing risk exposure.
• Successful DevSecOps Integration– Implement security automation within CI/CD pipelines, enabling secure development practices without slowing down software delivery.
• Timely and Quality delivery of product security reviews – Ensure adequate security reviews are performed for all products and services going live and ensure delivery within agreed timeline.
• Regulatory Compliance & Risk Management – Ensure compliance with BSP, PCI-DSS, ISO 27001, and other relevant security frameworks, minimizing regulatory risks and audit findings.
• Proactive Threat Detection & Mitigation– Establish a robust security assessment process, including regular threat modeling, penetration testing, and vulnerability management.
• Security Awareness & Culture Development – Foster a security-first mindset across development, DevOps, and engineering teams through continuous training and best practices.
• Incident Response & Risk Reduction – Lead incident response efforts related to application vulnerabilities, reducing potential breaches and security incidents.
• Innovation & Continuous Improvement – Stay ahead of evolving security threats and emerging technologies to continuously enhance application security strategies.

REQUIRED QUALIFICATIONS

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• 8+ years of experience in application security, with at least 3 years in a leadership role.
• Strong knowledge of secure software development lifecycle (SSDLC) and DevSecOps practices
• Experience with security testing tools such as Burp Suite, OWASP ZAP, Veracode, or similar.
• Expertise in authentication, authorization, encryption, and identity management principles.
• Familiarity with cloud security (AWS, Azure, or GCP) and container security (Kubernetes, Docker).
• Relevant certifications such as CISSP, AWS Security Specialty, CISM, OSCP, CEH, or CSSLP are preferred.