VP, Product Security Architecture Leader

Job Description:

The VP, Product Security Architecture will lead the strategy, design, and execution of Synchrony’s product and application security architecture program, ensuring security is embedded into the lifecycle of agents, applications, platforms, and SaaS services. This role leads a team of Application Security Architects who perform application security risk assessments, secure design and engineering advisory, threat modeling, risk management, and monitoring remediation through closure.

This leader will be both visionary and pragmatic—driving secure-by-design outcomes across modern architectures (cloud-native, APIs, microservices) and emerging capabilities, including AI-enabled products and services
. The VP will establish security architecture direction and governance for AI Security (model, data, and application-layer risks) and SaaS security architecture (selection, onboarding, configuration, integrations, and continuous control assurance). Exceptional communication skills are required to influence technology decisions and foster a security-first culture across Product, Engineering, and Enterprise stakeholders.

• Develop, communicate, and execute a comprehensive product/application security architecture strategy aligned with business objectives, risk appetite, and regulatory requirements within the financial services sector.
• Partner closely with senior leaders across Product, Engineering, Enterprise Architecture, IT, Risk Management, Compliance, and Business Units to embed security architecture principles into product roadmaps, SDLC/CI-CD practices, platform modernization, and key initiatives.
• Drive a security-first approach that anticipates emerging threats, trends, and innovations (including AI and SaaS) to ensure resilient and forward‑looking product security architecture.
• Collaborate with AI/innovation, data, and engineering teams to embed secure‑by‑design practices into AI product delivery, including threat modeling for AI‑driven features and integrations.

• Lead the design, development, and deployment of scalable security architecture patterns for applications and product platforms, including APIs, microservices, data flows, identity, cryptography, and secure logging/monitoring.
• Develop and implement specialized product security architecture frameworks for AI‑enabled applications and services, including secure design requirements for:
  • model and prompt interaction surfaces (where applicable)
  • data privacy and sensitive data handling across AI workflows
  • access controls and authorization for AI features and data
  • integrity protections and misuse/abuse considerations (e.g., adversarial inputs, model manipulation where applicable)
• Define, implement, and enforce product/application security architecture standards, policies, and frameworks based on industry best practices (e.g., NIST CSF, CRI, CIS Controls, OWASP) to ensure consistency, compliance, and operational effectiveness.
• Provide security architecture guidance and decision support to engineering teams—including tradeoffs, compensating controls, and secure reference architectures—to enable secure delivery at speed.
• Define security architecture guidance for AI‑related third‑party services and platforms, including integration patterns, data sharing constraints, and control expectations.

• Conduct and operationalize advanced threat modeling and application security risk assessments to proactively identify vulnerabilities and guide architectural decisions that mitigate risks to critical financial assets and data.
• Ensure consistent evaluation of risks across authentication/authorization, session management, secrets management, data protection, API security, third‑party components, and supply chain exposures.

• Establish governance to document, prioritize, and manage application/product security risks and architecture exceptions, including risk acceptance and time‑bound remediation expectations.
• Monitor remediation progress to…