Head of Platform Security

WHAT MAKES US, US

Join some of the most innovative thinkers in FinTech as we lead the evolution of financial technology. If you are an innovative, curious, collaborative person who embraces challenges and wants to grow, learn and pursue outcomes with our prestigious financial clients, say Hello to SimCorp!

At its foundation, SimCorp is guided by our values — caring, customer success-driven, collaborative, curious, and courageous. Our people-centered organization focuses on skills development, relationship building, and client success. We take pride in cultivating an environment where all team members can grow, feel heard, valued, and empowered.

If you like what we’re saying, keep reading!

WHY THIS ROLE IS IMPORTANT FOR US

As Head of Platform Security, you will lead a team of more than 10 security engineers, ensuring the security of the software development lifecycle and cloud platform services. Overseeing more than 1,000 developers and complex CI/CD pipelines, you will be responsible for securing applications and infrastructure by embedding security best practices, proactive vulnerability management, and automated security testing, including SAST and DAST.​

Your role includes managing penetration testing, participating in TLPT, SOC collaboration and requirements, and driving incident response on Services (SIRP/SIRT), ensuring compliance with NIST standards and safeguarding client environments, as well as adhering to all the global financial outsourcing frameworks for parts relating to security. Collaborating closely with development, DevOps, and cloud teams, you will integrate security throughout the SDLC, drive risk mitigation strategies, and ensure continuous monitoring and improvement of security controls at scale.​

WHAT YOU WILL BE RESPONSIBLE FOR
 

Application & Platform Security​

• Oversee security across the SDLC, ensuring secure development practices for more than 1,000 developers​
• Oversee SAST, DAST, and automated security testing to identify and remediate vulnerabilities across internal as well as external facing deliveries​
• Manage application and cloud security for CI/CD pipelines, infrastructure-as-code, and platform services.​
• Ensure proactive vulnerability management and secure coding practices across engineering teams.​
   

Security Operations & Incident Response​

• Lead interaction and requirements for SOC operations, Security Incident Response Planning (SIRP), and Security Incident Response Team (SIRT).​
• Oversee penetration testing, and participate in TLPT, and red teaming to identify and mitigate security risks.​
• Monitor emerging threats and ensure continuous improvement of security detection and response capabilities.​
   

Regulatory Compliance & Risk Management​

• Ensure compliance with NIST standards and financial sector security regulations, including DORA, MAS, TX-RAMP, and others.​
• Manage security requirements for outsourcing, third-party risk management, and resilience frameworks.​
• Collaborate with auditors, regulators, and external stakeholders to maintain compliance and security governance.​
   

Cyber Program Leadership & Collaboration​

• Lead a large cyber program for platform security, ensuring alignment with organizational security goals.​
• Work closely with development, DevOps, and cloud teams to embed security in the SDLC and platform services.​
• Drive security awareness initiatives to promote a security-first culture among developers and engineers.​
• Define and implement security policies, frameworks, and best practices to strengthen the overall security posture.

WHAT WE VALUE
 

• 8+ years of experience in platform security and technical leadership roles.
• Proven track record of overseeing security across the SDLC for large-scale development teams.
• Extensive experience in managing SAST, DAST, and automated security testing.
• Strong background in application and cloud security for CI/CD pipelines and infrastructure-as-code.
• Demonstrated ability to lead SOC operations, SIRP, and SIRT.
• Proven experience in conducting penetration testing, TLPT, and red teaming.
• Deep understanding of NIST standards and financial sector security regulations.
• Skilled in managing security requirements for outsourcing and third-party risk management.
• Excellent communication skills, with experience collaborating with auditors, regulators, and external stakeholders.
• Ability to lead a large cyber program and align security goals with organizational objectives.
• Strong collaborative skills, with experience embedding security in the SDLC and platform services.
• Ability to drive security awareness initiatives and implement security policies and best practices.

BENEFITS

Attractive salary, bonus scheme, and pension are essential for any work agreement. However, in SimCorp, we believe we can offer more. Therefore, in addition to the traditional benefit scheme, we provide a good work and life balance: flexible working hours and a hybrid workplace model. On top of that, we have IP sprints where you have 3 weeks per quarter you can spend on developing your skills as well as contributing to the company development. There is never just only one route - we practice a personalized approach to professional development to support the direction you want to take

NEXT STEPS

Please send us your application in English via our career site as soon as possible, we process incoming applications continually. Please note that only applications sent through our system will be processed. At SimCorp, we recognize that bias can unintentionally occur in the recruitment process. To uphold fairness and equal opportunities for all applicants, we kindly ask you to exclude personal data such as photo, age, or any non-professional information from your application. Thank you for aiding us in our endeavor to mitigate biases in our recruitment process.

If you are interested in being a part of SimCorp but are not sure this role is suitable, submit your CV anyway. SimCorp is on an exciting growth journey, and our Talent Acquisition Team is ready to assist you discover the right role for you. The approximate time to consider your CV is three weeks.

We are eager to continually improve our talent acquisition process and make everyone’s experience positive and valuable. Therefore, during the process we will ask you to provide your feedback, which is highly appreciated.

WHO WE ARE

For over 50 years, we have worked closely with investment and asset managers to become the world’s leading provider of integrated investment management solutions. We are 3,000+ colleagues with a broad range of nationalities, educations, professional experiences, ages, and backgrounds.

SimCorp is an independent subsidiary of the Deutsche Börse Group. Following the recent merger with Axioma, we leverage the combined strength of our brands to provide an industry-leading, full, front-to-back offering for our clients. SimCorp is an equal-opportunity employer.

We are committed to building a culture where diverse perspectives and expertise are integrated into our everyday work. We believe in the continual growth and development of our employees, so that we can provide best-in-class solutions to our clients.

#Li-Hybrid