Cloud-Native Application Protection Platform (CNAPP) Product Owner

The opportunity

Own the end-to-end strategy and adoption of EY’s Cloud-Native Application Protection Platform (CNAPP) - spanning posture (CSPM), identity (CIEM), workload/runtime (CWPP/KSPM), IaC/image scanning, and data posture (DSPM). You will align global business and technology stakeholders, rationalize the tool portfolio (e.g., Microsoft, Wiz, Qualys, Aqua), drive adoption, and measure risk reduction and time-to-value at scale. Responsible for providing strategic direction, cross-functional coordination, and management for the CNAPP program. Aligns program objectives with organizational priorities and defines success metrics. Champions the program across the organization, facilitates stakeholder engagement, and drives towards customer value outcomes.

Key Responsibilities

• Own the end-to-end lifecycle of the Cloud-Native Application Protection Platform (CNAPP) from strategy, roadmap, and architecture through deployment, operations, and ongoing optimization.
• Drive global adoption and enablement of CNAPP by developing guidance, documentation, and engagement programs that support business and technology teams.
• Collaborate cross-functionally with business, architecture, engineering, security, DevOps, and product teams to embed CNAPP capabilities—such as workload protection, vulnerability management, compliance monitoring, and cloud entitlement management—into cloud-native application workflows.
• Define and uphold platform governance, policies, and best practices to ensure consistent, robust protection of cloud assets and data.
• Continuously evolve the CNAPP strategy and roadmap by monitoring use case value realization, technology trends, and industry best practices.
• Establish and measure success through key performance indicators (KPIs) focused on use case effectiveness, adoption, and value realization. Incorporate platform health metrics in partnership with technical teams.
• Deliver executive-level insights and recommendations on CNAPP strategy, roadmap progress, value delivery, risks, dependencies, metrics, and change management initiatives.

Qualifications

• 10+ years of experience as product owner/manager in cloud security or adjacent domains with a track record of business impact.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field—or equivalent experience.
• Technical fluency with the ability to engage credibly on architecture, APIs, data models, and engineering constraints. Strong grounding in security, privacy, and accessibility principles, and the ability to translate complex technical concepts for non-technical and executive audiences.
• Exceptional cross-functional program leadership, communication, and stakeholder management skills within a global organization. Demonstrated ability to align cross-functional stakeholders across information security, technology, and client-facing teams through influence and relationship-building. Skilled at coaching, delegation, and fostering team growth.
• Strategic planning capability to develop a 12–18 month CNAPP vision and translate it into an outcome-driven roadmap with clear quarterly objectives and measurable results.
• Strong business acumen with a proven ability to engage and communicate effectively with diverse audiences, from executives to practitioners.
• Track record of delivering results in complex, fast-paced environments—managing multiple priorities, leading cross-functional initiatives, and driving adoption at scale.
• 10+ years of experience in information security, cloud security, or cloud architecture, including at least 5 years focused on cloud-native platforms (AWS, Azure, GCP).
• Deep understanding of CNAPP capabilities, including container and serverless security, API protection, and cloud workload protection.
• Hands-on familiarity with leading security tools and platforms such as CSPM, CWPP, CIEM, IaC scanning, DSPM, runtime threat detection, and vulnerability management.
• Relevant professional certifications (e.g., CISSP, CCSP, Azure Security Specialty) highly preferred.
• Knowledge of regulatory and industry frameworks (e.g., ISO 27001/2, ISO 27017, GDPR) and cloud compliance requirements preferred.

What We Offer You

The compensation ranges below are provided in order to comply with United States pay transparency laws. Other geographies will follow their local salary guidelines, which may not be a direct conversion of published US salary ranges. At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams. Learn more.

• We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $152,700 to $294,000. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $183,300 to $334,100. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
• Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
• Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

Are you ready to shape your future with confidence? Apply today.

EY accepts applications for this position on an on-going basis.

For those living in California, please click here for additional information.

EY focuses on high-ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to qualified individuals with disabilities including veterans with disabilities. If you have a disability and either need assistance applying online or need to request an accommodation during any part of the application process, please call 1-800-EY-HELP3, select Option 2 for candidate related inquiries, then select Option 1 for candidate queries and finally select Option 2 for candidates with an inquiry which will route you to EY’s Talent Shared Services Team (TSS) or email the TSS at ssc.customersupport@ey.com.