Commercial Technology Infrastructure & Governance Lead

Why APi Group?

At APi Group, our enduring purpose is Building Great Leaders®. We grow our people and our business, invest in the safety and well‑being of our teams and communities, and connect through meaningful relationships that fuel progress. With over 500 locations worldwide, we are a global leader in safety and specialty services, driven by entrepreneurial spirit and a commitment to excellence.

Job Title:
Commercial Technology Infrastructure & Governance Lead

Location:
New Brighton, MN - Onsite

The Commercial Technology Infrastructure & Governance Lead is the global owner of the architecture, governance, and security posture of all externally facing commercial technology platforms. These include customer portals, hosted monitoring systems, IoT platforms, SaaS products, API services, and any technology a customer directly or indirectly interacts with. The primary mission of this role is to prevent cyber incidents by enforcing secure‑by‑design architecture, strong governance, and rigorous assurance across all Operating Companies (OpCos), Countries, vendors, and product teams.

This is a pure governance and architecture role, not an operational delivery or engineering function.

• Own the global reference architecture and design standards for all external commercial platforms.
• Define secure‑by‑design architectural patterns for hosting, integrations, data flows, and cloud usage.
• Review and approve technical designs for new commercial offerings or major enhancements.
• Ensure alignment with enterprise architecture and cybersecurity standards.
• Perform architectural assurance during bids, M&A due diligence, and new product evaluations.

• Ensure all commercial platforms adhere to Group cybersecurity, privacy, and data protection controls.
• Partner with Cybersecurity to assess risks, define required controls, and monitor compliance.
• Validate identity management, network segmentation, encryption, logging, and other critical controls.
• Identify systemic risks across OpCos and drive remediation through governance.

• Ensure 100% of commercial technology platforms undergo mandatory penetration testing.
• Maintain a global pen test register tracking tests, findings, owners, and remediation timelines.
• Partner with Cybersecurity to risk‑rate findings, prioritize remediation, and ensure retesting.
• Escalate overdue critical vulnerabilities and ensure visibility at CIO level.
• Provide quarterly reporting on penetration testing posture and trends.

• Define and maintain change governance requirements for all customer‑facing platforms.
• Ensure high‑risk, customer‑impacting, or architecture‑changing modifications undergo formal CAB review.
• Embed architectural checkpoints into the change process to prevent cyber or stability risks.
• Monitor CAB compliance across OpCos and vendors and elevate repeated non‑compliance.
• Ensure emergency change processes include required cyber‑risk and architecture reviews.
• Provide quarterly change governance and compliance reporting.

• Own the Commercial Technology Infrastructure Governance Framework.
• Chair the Commercial Technology Governance Council with OpCo CIOs, Cybersecurity, and Product leaders.
• Ensure enterprise‑wide adherence to architecture and governance controls.
• Produce governance dashboards highlighting compliance, risks, and remediation progress.

• Serve as Group BRM for commercial technology governance, ensuring OpCos understand and adopt global standards.
• Align OpCo leaders, commercial owners, and product teams on architectural direction and security obligations.
• Act as the escalation point for unresolved governance or architectural risks.

• Deep experience in secure architecture for customer‑facing platforms (cloud, SaaS, IoT, API).
• Strong cybersecurity understanding across identity, network, encryption, and data protection.
• Exceptional governance, assurance, and risk management capability.
• Influential leader capable of…