Application Security Manager
- Location: New York City, NY
- Job Type: Contract
- Ref No: 19-06321
- Date: October 23, 2019
Job Description - Application Security Manager
Strategy & Planning
The Application Security Manager (Secure Code) will be required to coordinate and manage a range of complex, technical, and/or strategic and operational activities for operating, managing, and evolving the Secure Coding/Application Security Testing program for the Firm. The Application Security Manager will be responsible for ensuring that the applications in use meet the standards of industry security best practices. This means managing the operation, supporting application developers in securing their applications, and providing regular reporting on KPIs to various oversight bodies. Additionally, the Application Security Manager will look for opportunities to improve the program, such as applying automation where appropriate, evaluating the effectiveness of SAST/DAST/OSA tools and NVA program services, or identifying opportunities to augment the team's capabilities with external subject matter expertise. This role is instrumental in driving key initiatives from a budget management, operational excellence and team planning perspective. The program manager role requires an ability to lead, influence, prioritize, communicate, and execute to a schedule and budget.
Some of your key responsibilities include:
- Coordinate the strategic development, operational planning and implementation of multiple programs within the secure coding portfolio and its underlying projects, and ensure they are aligned to overall strategy.
- Responsible for providing recommendations regarding short and long-term strategies including cost/benefit analysis of Cyber Security Application Security infrastructure, tools, and personnel
- Participate in developing annual and long-term operating budget and strategic initiatives for Cyber Application Security Team
- Provide strategic advice to the appropriate oversight and leadership teams to improve the daily management of the group
- Provide strategic and Operational Governance within the Program to ensure risks, costs and benefits of a program are fully realized.
- Negotiate with project sponsor and other stakeholders to define project success criteria and disseminate them to involved parties throughout the project life-cycle.
- Organize program teams and identify roles and responsibilities of each team member.
- Negotiate the scope and approach, and act as liaison between appropriate groups/individuals and vendors/contractors.
- Identify risk gaps, provide oversight, and define areas of improvement for the program
Execution & Delivery
- Drive execution of complex programs from requirements to production with an in-depth understanding of program objectives and priorities to anticipate potential trouble-spots and financial impact of delays
- Identify and manage cross-project dependencies and overall program critical path
- Establish, implement, develop, and control best practices for Application Security testing, working with Application Owners, Developers, Cyber & Risk staff
- Actively represent Cyber Application Security testing policy & practices in systems technology working groups for application development and risk.
- Responsible for liaising with corresponding systems & business owners to prioritize project-based work
- Plan and allocate resources to meet the team's current and future work priorities
- Develop consistent, regular reporting of KPIs to demonstrate health of operation and to provide transparency to risks posed by vulnerabilities in our applications
- Anticipate priorities and ensure clear communication and information flow to meet business objectives
- Drive the problem resolution analysis and preparation of approaches and procedures
- Coordinate critical tasks for Application Security activities including SAST, DAST, OSA, and NVA.
- Act as a point of contact between staff, stakeholders, and senior management
- Meet with senior leadership and external vendors to monitor progress on key initiatives
- Co-ordinate and contribute to Executive Committee meetings, identifying strategic issues for consideration
- Work closely with the CISO Leadership Team to solve problems, mediate issues and implement decisions.
- Provide business analysis support to the staff to help improve the effectiveness and efficiency of Application Security Testing program
Financial Control Management
- Monitor and track resource and financial requirements for the Application Security organization's long-term initiatives, including monthly, quarterly, and annual monitoring of progress against the plan
- Ongoing cost management and resource planning
- Oversee all financial planning, new spend planning, budget controls needed to realize the fiscal and delivery goals
- Ensure that the financial management tools are being utilized
- Ensure that the key budgets and forecasting are efficiently and fully implemented
- BA or Equivalent
- 5+ Yrs of related professional experience
- Ability to work across all levels of the organization
- In-depth knowledge of Finance, Administration and Project Management.
- Knowledge and experience with a wide range of Application Security Testing tools
- Ability to work in high energy and visible environments.
- Strong analytic and interpersonal skills
- Demonstrated ability to work in a matrixed environment
- Excellent influencing and negotiating skills
- Strong executive communication skills.
- Hands-on management of a team/group
- Experience working with 3rd party security vendors to perform penetration testing a plus
- CISSP, SSCP, Security+, CEH or similar a plus
- OWASP training/familiarity
- Working knowledge of IT Security principles and practices
What We Offer:
- A collaborative environment that enables you to step outside your role to add value wherever you can
- Direct access to clients, information and experts across all business areas around the world
- Opportunities to grow your expertise, take on new challenges, and reinvent yourself—without leaving the firm
- A culture of inclusion that values each employee's unique perspective
- High-quality benefits program emphasizing good health, financial security, and peace of mind
- Rewarding work with the flexibility to enjoy personal and family experiences at every career stage
- Volunteer opportunities to give back to your community and help transform the lives of others