At On, our technology moves as fast as our runners: always evolving, always pushing boundaries. We're building a world-class platform to ignite the human spirit through movement, and our Information Security team is the trusted guardian of that mission.

We are seeking a Head of Security Platforms & Architecture to lead the technical security strategy across all engineering domains—cloud, platform, application, and data. This role requires a leader with deep architectural judgment, a passion for enablement, hands on experience and the ability to define the security guardrails that scale our business securely.

The Head of Security Platforms & Architecture exists to define and drive a unified security architecture that protects On’s platforms, applications, identities, and data while enabling rapid, safe innovation across a cloud-native landscape. By leading the technical vision for secure engineering and establishing scalable, automated, and developer-friendly security patterns—including IAM, DevSecOps, API security, data protection, and AI security—this role embeds security into the core of how our technology is built and operated. Its mission is to ensure that strong, frictionless security foundations accelerate On’s digital growth and support our ambition to move fast, securely.

• Security Architecture & Governance: Own the enterprise security architecture across cloud, platform, applications, APIs, and data. Define secure patterns and guardrails, lead technical governance, and align target-state architectures with business and technology strategy.

• Security Engineering & Platforms: Lead Security Engineering—including DevSecOps, AppSec, and platform security—to deliver scalable automation, secure CI/CD, and reusable security tools. Set technical strategy for API, data, and AI security.

• IAM & Application Security Strategy: Shape IAM strategy and architecture, driving least privilege and modern authorization models. Define the AppSec framework and enable engineering teams to embed security seamlessly into the SDLC.

• Leadership: Set the multi-year roadmap, develop high-performing leaders, and act as the primary technical security authority partnering with all technology teams.

• You are a proven security leader and architect with a track record of driving large-scale, cross-functional security initiatives. Your background demonstrates a focus on strategy, engineering, and enablement, rather than day-to-day operations.
• You bring 15+ years of technical security experience, including 5+ years in senior architecture or engineering leadership roles
• You possess deep hands-on expertise in Cloud Security Architecture, DevSecOps, AppSec, IAM, and API Security domains
• You have strong architectural judgment and the ability to define and enforce secure patterns at scale
• You are comfortable leading technical governance, risk assessments, and defining multi-year roadmaps
• You have exceptional communication and influencing skills, with a proven ability to build strong, collaborative relationships with Infrastructure, Platform, Data, and Engineering leaders
• Experience with AI/ML Security Governance Controls and data protection patterns is a strong advantage