Reporting into the Chief Information Officer (CIO) Team with a mindset and focus on Development Security Operations, imbedding security throughout the Systems Development Life Cycle (SDLC), providing advice on regulations as they apply to security in application development, expert in application security principles, risks, attacks, and resources such as Open Web Application Security Project (OWASP)
Lead CIO team member responsible for tools related to dynamic scans, static source code reviews, and application penetration testing e.g. BlackDuck, WhiteHat, Veracode, Nexpose, Wiz
Advisor on application development architectures, platforms, methodologies, and supporting operations
Advisor on web proxies, web application firewalls, and vulnerability assessment tools
Provide consultation services to business units, Project Management Office (PMO), and developers during the early phases to ensure secure application design.
Perform ongoing consultative analytical tasks in partnership with Information Technology (IT) to ensure the upmost security in in-house developed applications, mobile applications, and third-party applications
Plan, test, and deploy security controls to augment Quality Assurance (QA) and Change Management functions
Contribute to the incident response analysis including updates to related documentation i.e. policies, standards, guidelines, procedures, and escalation processes
Participate in developing data protection controls in general
Perform additional duties and projects as assigned by management
Qualifications
Bachelor’s degree in Information Security or equivalent years of experience required
Minimum three (3) years Risk Management experience required in an Information Technology environment or related discipline (Information Security, Business Continuity Management or Compliance)
Certified Information Systems Security Professional (CISSP) certification preferred; SANS and other Information Security related certification a plus
Network and Endpoint security experience required; IDS, IPS, ATP, Malware defenses and monitoring experience
Demonstrated experience with firewall and system configuration and event log monitoring required
Knowledge and experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
Excellent troubleshooting and analytical thinking skills
Superb communication, interpersonal skills and collaborative skills a must
Self-directed, self-starter, and motivated with the ability to work with minimal supervision
Available to work evenings and weekends as needed
How strong is your resume?
Upload your resume and get feedback from our expert to help land this job
How strong is your resume?
Upload your resume and get feedback from our expert to help land this job