Head of Application Security-GSRM-US

OverviewThis range is provided by SHEIN. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.Base pay range$176,000.00/yr - $288,000.00/yrAdditional compensation typesAnnual Bonus and Stock optionsJob Function: Global Security and Risk ManagementJob Title: Head of Application SecurityJob Location: Singapore or Los Angeles, USAbout SHEINSHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 16,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry.To learn more about SHEIN follow us at .Position SummaryRole: Head of Global Security and Risk Management (GSRM) – a senior executive within GSRM.The Head of Application Security is responsible for leading the overall strategy, execution and roadmaps of application security and the entire secure software development lifecycle. This leader will head the engineering and SDL teams and work with technology and business partners to mitigate application risks.The role requires deep technical understanding of the full SDL lifecycle, extensive experience in code audit and application security testing, and the ability to collaborate with development, engineering, and business counterparts across a deeply technical environment. This leader will coordinate with application and system developers and owners on all aspects of the SDL lifecycle from planning to operations, ensuring solutions are properly implemented and meet the needs of SHEIN's application footprint and its integrity.Core ResponsibilitiesOversee the application security team (direct and indirect reports, including full-time employees, contractors, MSS staff and external service providers). Includes hiring, training, career development, and performance management.Lead all aspects of SDL and application testing disciplines: threat modeling, application risk assessment, vulnerability management, SAST and DAST tooling, attack surface monitoring, and application penetration testing.Create and update strategies, project plans and policy documents aligned with compliance and operational requests to map to SHEIN's business requirements.Develop and manage security budgets, forecast expenses, and roadmaps for technology, services and vendors.Engage with external agencies as needed to maintain a strong application security posture and technical congruency.Collaborate with development teams to facilitate code audit, solution requirements and technology roadmaps ensuring regulatory and industry standards compliance.Establish credibility as a proactive senior leader and change agent; sustain high-availability service levels and operational objectives.Skills and QualificationsMinimum 10 years of experience in global-scale cybersecurity and development environments with a DevSecOps focus, including at least 5 years in people management.Bachelor’s degree or higher in Engineering, Computer Science, Business Analytics, or related field.Mentoring, motivation, goal-setting, and results-driven leadership skills.Strong knowledge of programming languages, software development lifecycle, and security testing with ability to assess complex application footprints and risk scenarios.Experience building application security metrics, attack surface monitoring, and incident response playbooks.Experience with change management, management reporting, and KPI metrics.Experience with advanced risk engines, algorithms and models for threat detection; ability to translate threats to business context.Ability to manage highly technical staff in a matrix organization; high integrity and mature judgment.Strong business and financial acumen; excellent communication skills. Proficiency in Mandarin is an advantage.Field of Study: Computer Engineering or Science, Information Sciences Technology, Business Analytics, Cyber Security or related fieldsCertifications: Relevant cyber security certifications such as CISSP, CISM, CISA and/or PMP are highly desiredYears of Experience: Generally 10+ years related experience; five or more years in e-commerce and technology field and management capacity preferredBenefits and PerksIndividual compensation is determined by skills, experiences and qualifications.Health Savings Account with Employer FundingFlexible Spending Accounts (Healthcare and Dependent care)Company-Paid Basic Life/AD&D insuranceCompany-Paid Short-Term and Long-Term DisabilityVoluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)Employee Assistance ProgramBusiness Travel Accident Insurance401(k) savings plan with discretionary company match and access to a financial advisorVacation-Paid time off9 Paid Holidays/6 Sick DaysEmployee Discounts • Perks (HQ Location)Free weekly catered lunch at HQDog-Friendly officeFree Gym Access at HQFree Swag GiveawaysAnnual Holiday PartyInvitations to pop-ups and other company eventsComplimentary daily office snacks and beveragesFree Shuttle Service from HQ to LA Union StationSHEIN is an equal opportunity employer committed to a diverse workplace environment.Seniority levelDirectorEmployment typeFull-timeJob functionInformation TechnologyIndustriesRetail Apparel and Fashion #J-18808-Ljbffr

Created: 2025-09-17