Head of Application Security-GSRM-US

Job Function

Global Security and Risk Management

Job Title

Head of Application Security

Job Location

Singapore or Los Angeles, US

About SHEIN

SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 16,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry.

To learn more about SHEIN follow us at sheingroup.com.

Position Summary :

SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN's global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.

Here, innovation isn't simply about protecting and empowering our company. We develop solutions that are practical today and scalable tomorrow; and we create collaborative teams dedicated to innovation across each of our businesses to share our common values and vision.

The Head of Application Security, a senior executive residing within GSRM, is responsible for leading the overall strategy, execution and roadmaps of application security and the entire secure software development lifecycle. This position will lead the team of engineering and SDL experts and work with technology and business partners and units to mitigate application risks.

This leader should have a deep technical understanding of the full SDL lifecycle and extensive experiences in code audit and application security testing. He or she must be familiar with industry standards and best practices, and must be able to effectively work with development, engineering, and business counterparts, across a broad deeply technical environment in the development world. This role will coordinate with application and system developers and owners on all aspects of SDL lifecycle through planning, feasibility analysis, design, development, testing to implementation and operations. This leader will also assist their leadership with ensuring all solutions and technologies are properly

supported, implemented, and sufficiently met the needs for which they are deployed to protect SHEIN application footprint and its integrity.

Core Responsibilities :

• Oversee the application security team, consisting of direct and indirect reports (including full time employees, contractors, MSS staff and external service providers personnel). This includes hiring, training, career development, and performance management.
• Lead all aspects of SDL and application testing disciplines, including but not limited to threat modeling, application risk assessment, vulnerability management, SAST and DAST tooling, attack surface monitoring, and application penetration testing.
• Create and update new strategies, project plans and policy documents based on compliance and operational requests that map to SHEIN's business requirements
• Develop and manage security budget forecast, expense, and technology, service and vendor roadmaps.
• Liaise with external agencies, such as law enforcement, standards and technology organization, advisory bodies and industry and peer working groups as necessary, to ensure that the organization maintains a strong application security posture and technical congruency.
• Work directly with development teams to facilitate code audit, solution requirements and technology roadmaps to ensure compliance with industry and regulatory standards.
• Establish credibility throughout the organization by earning the reputation for being a proactive senior leader and change agent.
• Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.

Skills and Qualifications :

Education Level

Bachelor's Degree

Field of Study

Computer Engineering or Science, Information Sciences Technology, Business Analytics, Cyber Security or related fields

Certifications : Relevant cyber security certifications, such as CISSP, CISM, CISA and / or PMP are highly desired

Years of Experience

Generally requires 10+ years related experience. Five or more years in an e- commerce and technology field and management capacity preferred

Benefits and Perks

$220,000 / year-$360,000 / year + benefits

Individual compensation is determined by skills, experiences and qualifications.

SHEIN is an equal opportunity employer committed to a diverse workplace environment.