Vacancy expired!
- Build, implement, socialize, and manage the Product Security Program, including but not limited to product risk ranking, security testing schedule and program governance.
- Provide product security expertise and leadership while defining and prioritizing product security enterprise initiatives.
- Engage with other information security teams to create management action plans, as a result of product security threat models, penetration tests and other security testing/assessments.
- Create and manage the product security risk assessment and risk response processes.
- Actively participate in product security projects.
- Provide input and support to product development teams throughout the product development lifecycle on a variety of product security requirements, including but not limited to: secure coding and configuration, software testing, third-party component management and security defect management.
- Maintain up-to-date inventory entries for all products, including product lifecycle status, risk profile and relevant reviews conducted.
- Maintain a close relationship with the technical product security testing team to deliver against the strategic priorities and projects.
- Provide advice and insights into the maintenance of product security procedures, directives, and technology controls.
- Assist with the design of a controls framework related to product security that provides the greatest amount of coverage while remaining scalable and efficient.
- Lead third-party risk assessments, completed by the technical testing team.
- Integrate the Product Security Program into the relevant stages of the product development lifecycle.
- Ensure product development teams are adhering to product security requirements by performing design and architecture reviews, validating that information security artifacts are created and align with industry standards and regulations, and performing risk assessments.
- Assist with product development remediation and mitigation activities.
- Escalate risk and issues to senior technology or company leadership, as needed.
- Create and report on metrics to the product security steering committee and other business unit stakeholders.
- Maintain current knowledge on existing security procedures, directives and technology controls including application testing, threat modeling and attack, penetration testing, data classification and handling.
- Participate in industry working groups and provide insights back to product development teams on leading practices and regulations.
- Perform project management and change management duties, as assigned.
- Perform critical analysis and develop executive decision support content, as assigned.
- Perform other duties and responsibilities, as assigned.
- 7+ years of experience in information security controls, information technology audit or security risk management. 5+ years of experience required if the candidate possesses an advanced degree.
- Experience creating executive level presentations.
- Experience creating business cases to obtain funding and resource approval.
- 2+ years of management and leadership experience, including coaching, consensus building, and ability to effectively manage resources to address competing priorities.
- Ability to manage cross functional teams to achieve desired business results.
- Ability to translate a business agenda into technology terms and vice versa.
- Excellent interpersonal, written and verbal communication skills; demonstrated ability to communicate highly technical concepts to non-technical audiences.
- Strong understanding and experience with information security technologies.
- Ability to adjust to multiple demands, changing priorities, ambiguity, and rapid change, while multitasking effectively.
- Ability to coordinate multiple teams in accomplishing process review and improvement.
- Big Four audit/consulting background.
- Bachelor's degree in Computer Science or a related field.
- Master's degree/advanced degree
- Telecom/Cable industry experience
- Product Security experience.
- Professional information security certification (CISSP, CCSP, CSSLP, GICSP, GWAPT, GWEB, etc.).