(Cybersecurity) Head of Middleware Platform Security

This role is within a global organization in the financial sector, responsible for defining and driving the security strategy for middleware platforms at a global scale.

• Minimum 5 years of hands-on experience with middleware technologies (e.g., WebSphere, WebLogic, Apache, nginx, Node.js)
• Proven experience in middleware platform security
• At least 2 years of experience leading technical teams
• Strong understanding of security standards, including CIS benchmarks
• Excellent stakeholder management skills
• Ability to translate complex technical topics into business-friendly language
• Strong analytical and problem-solving skills
• Experience managing budgets and resources
• Proactive, adaptable, and comfortable delegating and empowering teams

Nice to have:

• Experience in regulated environments (e.g., financial services)
• Familiarity with global data protection regulations (e.g., GDPR)
• Experience working with auditors and regulators

Middleware platform security:

• Define and maintain secure configuration baselines for middleware platforms including IBM WebSphere Application Server, WebSphere MQ, WebSphere Portal, Apache HTTP Server, Apache Tomcat, Oracle WebLogic Server, nginx, and Node.js
• Collaborate with middleware subject matter experts to establish security standards, develop and implement compliance checks, and define remediation guidance
• Develop and execute a middleware security strategy aligned with enterprise and security architecture, regulatory expectations, and industry best practices
• Own and prioritize the capability backlog based on business value
• Monitor performance through KPIs and security metrics
• Work closely with Service Owners, Technology/Platform Owners, Cybersecurity and Architecture teams, and Audit and regulatory stakeholders
• Manage vendor relationships for owned technologies
• Support and respond to security incidents
• Own and manage selected risk, audit, and regulatory items

Leadership & collaboration:

• Lead and develop a team of security professionals
• Foster a culture of innovation, collaboration, and continuous improvement
• Partner with senior leadership to align cybersecurity initiatives with business goals
• Manage budget and ensure effective resource allocation
• Influence global technology and security decisions