Head of Application Security

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

The Role

Apex is seeking a Head of Application Security to lead and mature its global Application Security capability.  This is a senior leadership position responsible for defining strategy, setting standards, and driving execution across key domains: Application Security, DevSecOps, AI Security, and Cloud-Native Application Security Engineering.

As the Apex’s senior authority for secure software and platform delivery, you will ensure that security is embedded by design throughout the technology lifecycle—enabling engineering teams to innovate rapidly and safely while maintaining compliance with regulatory and business requirements.

Key Responsibilities

• Define and own the global Application Security strategy aligned to Apex’s cyber risk posture and regulatory obligations.
• Ensure developers meet KPI’s and business deliverables.
• Ensure developers keep up with emerging threats and technologies.
• Lead and develop multiple security engineering teams across Application Security, DevSecOps, AI & Data Security, and Cloud & Infrastructure Developer Platform Security.
• Serve as the senior security authority for application, platform, and DevSecOps-related design and engineering decisions.
• Ensure security controls are documented and embedded throughout the software development lifecycle (SDLC) and CI/CD pipelines.
• Oversee application threat modelling, secure design reviews, and architecture risk assessments.
• Drive adoption of secure coding standards, automated security testing (SAST, DAST, SCA), and secrets management.
• Provide oversight on cloud-native and infrastructure security patterns in hybrid and multi-cloud environments.
• Define security guardrails for AI-enabled applications, data pipelines, and emerging technologies.
• Partner with Architecture, Engineering, Cloud, and Platform teams to deliver secure-by-default solutions.
• Translate security policies and standards into practical, consumable engineering guidance.
• Communicate application and platform risk to senior leadership and governance forums.
• Support audit, regulatory, penetration testing and assurance activities related to application and platform security.
• Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities.
• Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes.

Areas of Specialization

• Application Security: Secure software architecture, threat modeling, secure design reviews, vulnerability management, and secure coding practices.
• DevSecOps: CI/CD pipeline security, automation of security controls, integration of security tooling, and developer enablement.
• Cloud & Infrastructure Security: Secure cloud-native architectures, infrastructure-as-code security, and platform hardening across hybrid and multi-cloud environments.
• AI Security: Security and governance controls for AI-enabled applications, data pipelines, and emerging technologies.

Required Experience & Skills

• Experience:
  • 10+ years in cybersecurity, software engineering, or platform engineering roles.
  • 8+ years in senior management positions within security engineering, architecture, or similar leadership roles, with proven accountability for strategy, team leadership and delivery of enterprise-scale security programs.
• Technical Expertise:
  • Strong hands-on understanding of application security architecture, threat modeling, and DevSecOps practices.
  • Proven experience in securing microservices architecture and API ecosystems.
  • Knowledge of Gitlab, GitHub and API security and integrations.
  • Experience securing applications and platforms in cloud environments (Azure, AWS and OCI).
  • Deep knowledge of security principles, secure design patterns, and defense-in-depth strategies.
• Knowledge of Standards:  
  • Familiarity with frameworks such as NIST, ISO 27001, OWASP, SOC1 and SOC2.
  • Familiarity with Agile, iterative and incremental development models.
• Leadership Skills:
  • Demonstrated ability to lead, mentor, and develop high-performing security engineering teams across distributed or multi-location environments.
  • Proven track record influencing senior stakeholders and driving security initiatives aligned with business objectives.
• Communication Skills:
  • Ability to articulate technical risks and security recommendations to both technical and non-technical stakeholders, including executive leadership and governance forums.

Qualifications

• Relevant certifications: CISSP, CCSP, CSSLP, AWS/Azure Security, or similar.
• Exposure to architecture frameworks (SABSA, TOGAF).
• Experience in financial services or highly regulated environments.
• Familiarity with AI security, data protection, and modern platform engineering models.

What will you get in return:

• Opportunity to shape and lead a critical global security capability.
• Exposure to enterprise-scale, cloud-native, and modern engineering environments.
• Collaboration with senior security, architecture, and technology leaders across the organisation.
• A strong focus on team development, ownership, and career growth.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.