Senior Director, ISO

Infor have an exciting opportunity for a Senior Director ISO who will be responsible for securing all products and platforms used by 65,000 customers worldwide, operating at enterprise scale across cloud, AI, and modern development ecosystems.

This role will be responsible for driving the strategy, architecture, and implementation of security controls across the software development lifecycle (SDLC) to protect enterprise applications, cloud infrastructure, and data. The role will lead the transformation of application security across DevSecOps, threat modelling, and vulnerability management, while partnering with development and operations leadership to align on strategy and priorities.

A Day in the Life Typically Includes:

• Drive a team of talented security analysts, setting the standard for excellence in application security across a global software portfolio.
• Be the go-to SME for development, product, and business teams - embedding security into every stage of the SDLC, from design through deployment.
• Partner with engineering and data science teams to embed security into AI/ML pipelines, generative AI features, and agentic systems. Address emerging risks including prompt injection, model supply chain integrity, training data protection, output handling, and the OWASP Top 10 for LLM Applications.
• Champion secure design and testing practices aligned with OWASP Top 10, API Security Top 10, OWASP ASVS, and OWASP LLM Top 10 standards.
• Advance modern application security initiatives - shift-left automation, software supply chain security (SBOMs, SLSA, dependency integrity), secrets management, IaC scanning, container and Kubernetes security, and ASPM/CSPM integration.
• Align secure coding principles with development priorities, create actionable roadmaps, and report on risk posture to executive stakeholders.
• Evolve frameworks and policies to meet emerging threats, regulatory shifts, and compliance requirements (SOC 2, ISO 27001, FedRAMP, GDPR, EU AI Act, NIST AI RMF).
• Review DAST, SAST, IAST, SCA, and secrets-detection findings; triage and drive remediation of vulnerabilities before release.
• Guide CI/CD security integration, threat modelling at scale, and developer enablement programs that make secure development the default path.
• Act as a thought leader across the enterprise, mitigating risk and partnering with engineering leadership on architecture and platform decisions.

Basic Qualifications:

• leading application security programs at scale, ideally within a large software or SaaS organization.
• Experience of Azure and AWS cloud-native security services and architectures.
• Experience of AI/ML security - securing generative AI features, LLM-integrated applications, model APIs, and AI development pipelines. Balance tactical fixes with strategic vision.
• Communication skills to translate complex technical issues into clear business insights for technical and executive audiences.
• Experience in Secure SDLC frameworks and modern security toolsets (SAST, DAST, IAST, SCA, ASPM, secrets scanning, IaC security).
• Experience with software supply chain security practices and standards (SLSA, SBOM, signed artifacts).
• Certifications such as CISSP, CISM, CCSK, CCSP, OSCP, GWAPT, or AI/ML security credentials are a plus.