Product Security - Director

About the Team

Equity, diversity and inclusion
At Grant Thornton, we provide equitable opportunities for all our colleagues. We are a responsible, sustainable business where equity, diversity and inclusion (ED&I) is at the forefront of our workplace culture agenda, and today, we continue to build and develop on our existing ED&I structure and strategy to meet our workplace culture needs. People are at the heart of our business and teams built with varied individuals present diverse viewpoints, which need to be heard and valued. We are all at our best when we are able to be ourselves and we view integrity and authenticity as integral values to bring to our day-to-day work-life at the firm. Diversity of thought, background and experience enables better decision-making, improves the quality of our delivery, and helps us to meet the needs of our clients. Our firm is built on people and their ideas, so we want to hear all the new perspectives and fresh thinking you have to offer. You form the bedrock of our firm's best-practice principles and we will champion you as leaders from day one.
Reward and benefits
Our reward and benefits are designed to create an environment where our people can flourish. We are committed to building a culture where our people have access to the necessary benefits to help promote a healthy lifestyle and thrive.
Recognition
We want to create a culture of recognition and celebrating success, by saying thank you to people who surpass our expectations and recognising the right values and behaviours. Our Shout Out recognition scheme is our way of highlighting and promoting achievements. Whether you simply want to say thank you, celebrate a special occasion or give an award for doing something exceptional, you can do all of this and more through the scheme.

Job Description

Product Security - Director

Role Purpose

Own the regional Product Security strategy and operating model for EMEA, aligned to our global standardized security organization and delivery center model. Build the roadmap, investment cases, governance forums, and talent plan to mature the program across multiple product lines and partners.

Key Outcomes

Publish a 3 year Product Security strategy with capability and maturity targets, funding, and OKRs.

Stand up a regional Product Security PMO, intake workflow, and exception governance.

Land a unified metrics framework (engineering friction, risk reduction, cost of control).

Build a talent plan (hiring, upskilling, rotations) consistent with standardized role tiers.

Responsibilities

Executive ownership of Secure SDLC, DevSecOps, software supply chain, and vulnerability management outcomes.

Chair EMEA Product Security Council; drive policy updates and risk waivers.

Budget and vendor management; optimize platform/tooling and managed services.

Sponsor developer enablement at scale; define incentives and embed security champions.

Partner with CTO, Platform, Data/AI, Privacy/Legal, and GRC leaders across regions.

Required Qualifications

12-15+ years in security with 5+ years leading product security at portfolio scale.

Proven record delivering business aligned security outcomes and influencing senior engineering leaders.

Deep command of cloud native architectures, SDLC, and EMEA risk/compliance (GDPR/NIS2).

Preferred Qualifications

Experience leading global delivery center (GDC) models and multi vendor ecosystems.

Certifications: CISSP, CISM, CSSLP; exceptional executive communication.

Key Performance Indicators (KPIs)

Release risk trend and MTTR.

Exception aging and closure rate.

Job Info

• Job Identification 114363
• Job Category -
• Posting Date 01/28/2026, 10:32 AM
• Degree Level Bachelor's Degree
• Job Schedule Full time

Note: The original description included extensive contextual material about Grant Thornton Ireland, its values and benefits. This refined version preserves the core job-related information (title, role purpose, outcomes, responsibilities, qualifications, KPIs, and basic job info) while removing duplicative and non-essential boilerplate. It also converts to a clean, accessible structure using only the allowed HTML tags.