This Job Vacancy has Expired!

Director of Information Security/DevSecOps

Posted on Sep 6, 2020 by Request Technology - Craig Johnson

Virginia, VA
IT
Immediate Start
Annual Salary
Full-Time


*We are unable to sponsor for this permanent Full time role*

*Position is Bonus eligible*

Prestigious Enterprise Company is currently seeking a Director of DevSecOps. The candidate will lead and manage the secure software development team. This will include designing, building, and managing a scalable threat modelling framework, leveraging automation to integrate Application Security into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, and acting as the product owner of the application security automation platform.

Responsibilities:

DevSecOps

Lead a team responsible for static code analysis, threat modelling, and the developer training program

Develop and execute secure software development strategy for the enterprise, including policies, standards and governance

Manage and design automation to integrate Application Security into various CI/CD pipelines across the enterprise

Develop communications program for application threats and external and internal security events

Improve and expand application security risk posture and processes across the enterprise

Create and support metrics that report application risk posture and progress over time

Manage continuous release planning and execution and integrate with security design and engineering work across multiple groups and technical constituencies

Leadership

Develop and maintain relationships across the technology organization, the security industry, peer organizations and other entities as necessary to benchmark the Company Application Security program and keep current in best practices

Build a high-performance team

Develop and mentor staff and managers to achieve career goals and maintain leadership succession planning

Lead cross-functional teams to define objectives, strategies and domain performance metrics

Evaluate and utilize outside consultants to support security capabilities

Qualifications

Bachelor's degree in related field (Business, Information Services, IT, Information Security, etc.); Master's preferred

10 years of escalating managerial work experience in a highly diversified organization. 10+ years of increasing responsibility and work complexity to include progressive management roles in large, complex organizations.

At least 5 years of experience with Application Security, including familiarity with the leading tool-sets supporting Application Security (dynamic and static)

At least 2 years of experience with product design, delivery, and ownership and threat modelling

Deep experience in enabling organizations with DevSecOps

Deep experience with establishing and executing application security strategy

Strong experience in static code analysis and third-party software composition analysis

Strong experience in establishing and rolling out Threat Modeling enterprise-wide in a form that can be consumed by developers and engineers

Strong experience building security communities across the enterprise through evangelism and training programs

Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST

Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired




Reference: 943581600
