Vice President - Security Engineering

Role overview

This leadership role sits within the Asset and Wealth Management division, where the focus is on shaping and reviewing security solutions alongside engineering teams to strengthen the organization’s cybersecurity risk posture. The position is central to aligning business goals with strong security practices, helping protect client assets and data while supporting resilience against changing threats.

The aim is to build a coordinated, proactive risk management approach through early-stage design reviews and penetration testing with engineering teams, while also enabling secure technology delivery across Asset and Wealth Management initiatives.

Key responsibilities

• Work directly with Product Management, Engineering, Program Management, and DevOps teams in a practical, hands-on capacity.
• Oversee the security of AWM-managed applications across cloud, web, API, and mobile environments in coordination with central security groups.
• Advise architects, developers, analysts, and other stakeholders on building confidentiality, integrity, resilience, and privacy into platform design.
• Collaborate with business teams to understand requirements, review solution proposals, and spot architectural weaknesses in on-premise and cloud setups.
• Assess the strength of existing controls, identify deficiencies, and suggest improvements to reduce risk and improve the firm’s security posture.
• Guide, mentor, and manage a small team of application security specialists.
• Promote security controls embedded into the SDLC within Agile delivery, including the use of automation tools.
• Conduct secure code reviews and support or carry out penetration testing activities.
• Help implement security-focused product capabilities such as authentication, cryptography, authorization, and service integration.
• Build, maintain, and continuously refine the Technology Risk Program to address emerging threats.
• Ensure the business can meet security-by-design expectations.

Required experience and qualifications

• At least 6 years of experience in secure architecture, application security, risk analysis, or similar areas.
• Strong self-drive, initiative, and the ability to form and sustain long-term working relationships.
• Comfort managing several priorities at once, using sound judgment to assess risk, escalate issues, and prioritize work.
• Ability to engage with highly technical engineers, identify missing controls or gaps, and ensure accountability.
• Solid understanding of security testing methods, tools, and techniques, along with common application vulnerabilities and their remediation.
• Deep knowledge of application security practices, including OWASP, CWE, and cloud-related concepts.
• Practical software development or application penetration testing experience in complex environments is beneficial.
• Ability to balance delivery trade-offs, make decisions independently, and communicate clearly with senior stakeholders, vendors, partners, and technology peers.
• Strong motivation to learn and contribute ideas and solutions to a wider team.

Preferred qualifications

• Background in financial services or fintech.
• Degree at BS or MS level in Computer Science, Cyber Security, Information Security, or a related technical discipline.
• Experience using AI/ML to solve security problems and scale operations.
• Knowledge of secure programming languages such as Python, Java, or Go.
• Experience working with cloud technologies.
• Security certifications such as CSSLP, CISSP, CCSP, or OSCP are an advantage.

About the employer

The organization is a global investment banking, securities, and investment management firm with offices worldwide and a long history of serving clients, shareholders, and communities. It emphasizes professional growth, inclusion, well-being, and access to learning opportunities, networks, and support programs. Reasonable accommodations are available during the hiring process for candidates with disabilities or special needs. The employer is also an equal opportunity employer and does not discriminate on protected characteristics under applicable law.

Additional information

This role is based in Doha, Qatar, and is offered as a full-time onsite position. No salary, opening count, start date, or application deadline was specified in the source.