Description
As the API Standards & Compliance Lead, you will define, implement, and enforce enterprise-wide API governance frameworks that ensure consistency, security, and scalability across all APIs. This strategic role focuses on establishing API design standards, lifecycle governance, and compliance policies aligned with industry best practices and regulatory requirements. You will partner closely with Enterprise Architecture, Security, Platform Engineering, and Developer Experience teams to advance an API-first strategy and enable seamless integration across the enterprise.
What You'll Do
Governance Framework & Standards
- Define and maintain enterprise-wide API design and governance policies aligned with architecture principles and industry standards (OpenAPI, REST, GraphQL).
- Establish naming conventions, versioning guidelines, backward compatibility expectations, deprecation/retirement policies, and documentation standards.
- Run the API Governance Board (reviews, approvals, waivers) and maintain the governance operating model and RACI.
- Author and maintain reference architecture, standards playbooks, and reusable policy templates.
Lifecycle Governance & Platform Integration (Apigee X)
- Design and oversee API onboarding workflows via the Developer Portal, ensuring proper documentation, cataloging, and discoverability.
- Define governance processes integrated with Apigee X for publishing, runtime policies (e.g., quotas, rate limiting), and analytics.
- Ensure consistent use of API products, proxies, and catalogs; promote high-quality API definitions and reusability.
Security & Regulatory Compliance
- Implement governance for security patterns (OAuth2, JWT, JWKS, mTLS) using Apigee X and Ping Identity.
- Align APIs to regulatory requirements (e.g., Open Banking, PSD2, HIPAA, GDPR) and enterprise security standards.
- Partner with Risk, Compliance, and Security Engineering to define control objectives, evidence, and auditability (e.g., NIST, ISO 27001, SOC 2).
Developer Experience & Enablement
- Collaborate with the API Gateway and DevEx teams to optimize portal usability, API discoverability, and policy adoption.
- Create artifacts (cheat sheets, checklists, sample OpenAPI specs, policy catalogs) that accelerate compliant delivery.
Analytics, Metrics & Continuous Improvement
- Define and track governance KPIs (e.g., % APIs compliant, time-to-approve, policy adoption rates, security defect trends).
- Use Apigee Analytics and Google Cloud Platform monitoring to identify gaps and refine standards based on data insights and evolving business needs.
Risk, Audit & Controls
- Establish controls and evidence for audits (design-time and runtime), including conformity checks against policy and standards.
- Coordinate remediation plans for non-compliant APIs; manage waivers/exceptions with clear time-bound conditions.
Requirements
Qualifications - Required
- 10+ years in IT, including strong API development/governance experience.
- 5+ years in API governance or platform leadership roles (enterprise scale).
- Deep familiarity with OpenAPI/Swagger, REST fundamentals, GraphQL design considerations, and API lifecycle management.
- Hands-on experience with security standards (OAuth2, JWT, JWKS, mTLS) and regulatory frameworks (Open Banking/PSD2, HIPAA, GDPR).
- Experience with Apigee X on Google Cloud Platform (or similar API management platforms like Kong, MuleSoft, AWS API Gateway, Azure APIM) from a governance/architecture perspective.
- Demonstrated ability to write clear policies, standards, and procedures; facilitate governance forums; drive alignment across stakeholders.
- Strong communication, stakeholder management, and change management skills.
Qualifications - Preferred
- Google Cloud Platform certifications (e.g., Cloud Architect); Apigee certifications a plus.
- Experience with Ping Identity integration and enterprise IAM.
- Familiarity with Google Cloud Platform services (Cloud Armor, IAM, VPC networking) and platform security controls.
- Background in DevSecOps, CI/CD automation, and policy-as-code for API compliance.
- Experience improving API portals, catalogs, and developer experience, including analytics-driven enhancements.
Core Competencies
- Strategic thinking and policy design
- Enterprise architecture alignment
- Risk and compliance mindset
- Stakeholder facilitation and influence
- Data-driven continuous improvement
- Clear, concise technical writing and storytelling
Technology Doesn't Change the World, People Do.
Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.
All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.
2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans.