
Product Security Lead

Aven Hospitality
Full-time · Remote · US · Dallas-Fort Worth Metroplex, US · Posted: 2026-05-12 · Until: 2026-07-11
Job Description
Aven Hospitality is an innovative technology provider powered by SynXis®, the leading global hospitality commerce and distribution platform. We empower hoteliers around the world to exceed expectations, solve daily challenges, and stay ahead of the competition. With our comprehensive portfolio of solutions, hoteliers can manage distribution, retailing, payments, operations, and more, giving them the tools to maximize revenue, improve operational efficiency, and deliver personalized guest experiences that drive satisfaction. Our tools are built to seamlessly integrate with each hotelier’s unique strategy, elevating guest satisfaction and creating meaningful connections. We are pioneering AI in hospitality technology to unlock new opportunities, drive efficiency, and personalize the guest experience. By prioritizing stability, scalability, and data-driven insights, we equip hoteliers to adapt and thrive in an ever-changing landscape, ready for whatever comes next.

Product Security Lead

The Product Security Lead will own the security of the organization's products and supporting corporate functions and technology throughout the entire lifecycle, from ideation to decommissioning. This role works with the development, IT, and Aven Hospitality business operations teams to drive the Secure Software Development Lifecycle (SSDLC), ensures secure-by-design principles, manages supply chain risks, and addresses emerging threats like AI vulnerabilities and software bill of materials (SBOM) requirements, balancing security with velocity and innovation. This role will act as a subject matter expert (SME) and liaison between cybersecurity and the business team in the implementation of enterprise information security policies, standards, and frameworks.

Qualifications

- Bachelor's degree in Cybersecurity, Computer Science, Software Engineering, or a related field (Master's preferred)
- 7+ years of experience in cybersecurity, with at least 4 years focused on product security, application security, or secure development programs
- Proven track record implementing SSDLC in agile/DevOps environments, including threat modeling (e.g., STRIDE) and tool integration
- Strong knowledge of web, mobile, cloud-native, and API security, plus supply chain risks (e.g., SBOMs, SLSA)
- Excellent leadership and communication skills to influence product roadmaps and educate cross-functional teams
- Aptitude for understanding internal organizational environments and products and their relationship to the external business environment
- Ability to develop a full and deep understanding of the Aven Hospitality business operations and product suite
- Able to effectively analyze risk within the context of business problems

Preferred Skills And Certifications

- Certifications such as CISSP, CSSLP, OSCP, CASE, or relevant AppSec/DevSecOps credentials are highly desirable
- Experience with identifying AI security risks
- Familiarity with AI governance in products, software supply chain hardening, and automated vulnerability management

Responsibilities

- Serve as an initial point of contact and liaison between the Cybersecurity team and other Aven Hospitality business departments for security-related topics (non-incidents)
- Partner with product, commercial, and development teams to get strategic security projects prioritized and committed on the development roadmap
- Participate in cybersecurity compliance work and risk and security assessments
- Lead the implementation and maturation of the Secure Software Development Lifecycle (SSDLC/SDL), integrating security activities such as threat modeling, secure coding standards, SAST/DAST/SCA scanning, and penetration testing into DevSecOps pipelines
- Partner with GRC and SOC teams for product security risk assessments, vulnerability management, and incident response for product-related vulnerabilities
- Coordinate software supply chain security, including SBOM generation, third-party component risk analysis, and emerging AI Bill of Materials (AI BOM) practices for AI-integrated products
- Collaborate with product owners, managers, engineering, and DevOps teams to embed security requirements, conduct architecture reviews, and champion secure-by-design principles
- Evaluate and integrate AppSec tools (e.g., SAST, DAST, SCA, IAST) and automate security controls in CI/CD workflows
- Drive compliance with secure development standards (e.g., OWASP, ISO 27001) and regulatory requirements for product security (e.g., PCI-DSS, EU AI Act, DORA)
- Partner with GRC team for security training for developers, product teams, and stakeholders on current threats, including AI-generated code risks an