## **Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at Hargreaves Lansdown.**We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We’d love to hear from you!About the role# The Head of Application and Product Security is a strategic leadership role responsible for safeguarding the application landscape and digital products within HL. This pivotal position ensures that security is embedded throughout the software development lifecycle and product innovation pipeline, providing assurance to clients, regulators, and stakeholders during a period of significant digital transformation and on an ongoing basis. The role will champion secure-by-default/design principles, drive security best practices, and lead a high-performing team in the context of ambitious cloud adoption, agile delivery, and regulatory evolution. The role balances strategic vision with operational oversight, ensuring security resilience and enabling the firm’s growth aspirations.**What you’ll be doing*** Provide strategic leadership, direction and vision for all aspects of application and product security across the firm’s digital portfolio, products and services.* Establish, communicate, and maintain security policies, standards, and practices for code, applications, APIs, customer platforms, and digital products.* Embed security by design, threat modelling, and secure coding practices across agile and DevOps teams, ensuring alignment with regulatory requirements (FCA, GDPR, etc).* Oversee the secure development lifecycle, from requirements and design to testing, deployment, and ongoing operation, ensuring risk mitigation at every stage.* Lead, mentor, and develop a team of application and product security professionals, fostering a culture of continuous improvement and innovation.* Advocate for security across the product lifecycle by aligning strong security practices with strategic goals and user experience, while engaging with diverse teams to understand and support their needs.* Collaborate with product management, digital, and engineering functions to enable secure innovation and accelerate digital transformation.* Develop and maintain application security architecture, reference models, and automation in line with cloud-first and hybrid environments (AWS, Azure, etc).* Commission and manage security testing (SAST, DAST, pen testing, Interactive testing, Mobile testing, bug bounties), triage vulnerabilities, and drive remediation efforts with development teams.* Report to executive leadership and the board on application security posture, risk, compliance status, and improvement initiatives.* Champion employee awareness and secure coding education, both within technology teams and across the wider business.* Engage with external partners, vendors, and industry groups to benchmark best practice and represent the firm’s interests.* Lead the offensive security function looking after penetration testing, red /purple team exercises and bug bounty programme.**About you*** Extensive leadership experience in application and/or product security, ideally within the wealth management, financial services or fintech sectors.* Track record of building and leading security teams in complex, regulated, and digitally transforming environments.* Expertise in secure software development lifecycle (SSDLC) and experience embedding security into agile, DevOps, and CI/CD environments.* In-depth technical knowledge of application security architecture, cloud platforms (AWS, Azure, GCP), microservices, APIs, and identity/access management.* Strong familiarity with modern programming languages, frameworks, and security vulnerabilities (e.g., OWASP Top Ten, SANS 25).* Proven experience driving digital transformation initiatives, including migration of legacy applications to cloud-native platforms and adoption of SaaS/PaaS solutions.* Understanding of UK financial regulations, GDPR, and industry standards (ISO 27001, NIST, PCI DSS, etc).* Experience running risk assessments, threat modelling, and security testing programmes.* Ability to engage and influence senior stakeholders, balancing security with commercial and operational priorities.* Strong communication, coaching, and stakeholder management skills. Able to translate complex security concepts for both technical and non-technical audiences* Demonstrable commitment to ongoing professional development and keeping pace with the evolving security landscape.Qualifications* Relevant degree in computer science, information security, or a related field (or equivalent professional experience).* Professional certifications such as CISSP, CSSLP, CASP+, CASE, CASS, CISM, CCSP, or SABSA preferred. Also, any OffSec certification would be advantageous.* Additional certifications in cloud security (CCSK, AWS/Azure Security Specialty) and agile/DevOps environments beneficial.**Interview process**3 stage interview process – CISO meet | Technical Interview | Leadership/ Culture.**Working Schedule**Based out of our Bristol office. This role is permanent, full time, 37.5 hours per week, Monday to Friday. Subject to location we could consider remote working with a trip to the office once a month.Here at HL, we’re the UK’s number 1 investment platform for private investors, based in Bristol. For more than 40 years we’ve helped investors save time, tax and money on their investments.To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do.* Discretionary annual bonus\* and annual pay review* 25 days\* holiday plus bank holidays and 1-day additional Christmas closure* Option to purchase an additional 5 days holiday\*\** Flexible working options available, including hybrid working* Enhanced parental leave* Pension scheme up to 11% employer contribution* Income Protection and Life insurance (4 x salary core level of cover)* Private medical insurance\** Health care cash plans - including optical, dental, and outpatient care* Health screening programme* Help@hand - confidential support including mental health counselling and remote GP* Wellhub - unlimited access to fitness providers and wellness coach sessions* Variety of travel to work schemes with bike storage and shower facilities* Inhouse barista and deli serving subsidised coffee and sandwiches* Two paid volunteering days per year\* dependant on role level\*\* only available to select during our annual benefits window, in November each year*Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.**This role may also be available on a flexible working or part time basis – please ask the Recruitment & Onboarding team for more information.**Please note, we are unable to provide employment sponsorship to candidates.*Hargreaves Lansdown is the UK's number one platform for private investors. Our purpose is to empower people to save and invest with confidence, and today, we are trusted with more than £120 billion by over 1.7 million clients.We are based in the heart of Bristol now with over 2,000 colleagues. We believe we have a workplace like no other, with constant learning, dynamic teams and a great ethos. We're steered by our core values that promote service, quality, innovation, and opportunity in everything we do.For more information about careers at HL and to see all our vacancies, please visit our .
#J-18808-Ljbffr