As a trusted member of the Information Technology Services team, the ITS Agile Application Security Manager will provide leadership for the overall Application Security framework and associated technical resources who are responsible for leading the development, implementation and maintenance of the Application Security program across all development teams.
In addition, this role will develop strategic partnerships with key stakeholders for the department built on trust, expertise, integrity and a shared mutual interest to protect Oliver Wyman Group - our clients, our reputation and our assets.
Key roles and responsibilities
Designs, develops, operates and manages security strategies, policies and programs to assess, prioritize, and mitigate business risk with technical and non-technical controls
Responsible for embedding security early into the software development lifecycle through the delivery of secure development training and the incorporation of static code analysis and dynamic application security testing within the continuous integration / continuous deployment pipeline
Designs and performs security assessments of systems to ensure they are operating securely, and that data is protected from both internal and external attacks.
Ensures compliance with policies and procedures. Makes recommendations for preventive measures as necessary
Manages the application vulnerability management process that ensures regular security testing of applications to identify network, infrastructure, and configuration vulnerabilities, and consistently tracks remediation of identified vulnerabilities
Collaborates with development teams to identify and develop security champions and to certify non-security professionals on security concepts, embedding application security expertise and advocacy within existing software development and quality assurance teams
Provide support to strategic initiatives, programs, and projects by identifying information security risks, collaborating with project teams on determining and implementing mitigating controls, and tracking timely remediation of issues
Provide oversight, coordination and management of Security & Risk projects
Provide security consulting and subject matter expertise with the evaluation, selection and implementation of new IT systems from a risk, compliance and information security controls perspective
Support the Director of ITS Security & Risk on improving overall service and solutions across the firm
Skills and credentials
Excellent follow-up skills with attention to detail and ability to multi-task, have leadership presence, strong team-orientation and interpersonal skills, flexibility, and strong analytical skills
Certifications in one or more of the following are a plus: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP) or other equivalent certifications
Track record of interfacing with and presenting results to senior management
Possesses a comprehensive understanding of how risk management processes and other IT functions collectively integrate to contribute towards achieving business objectives
Project management experience with a proven track record for managing security projects
Excellent written and verbal communication skills
Excellent planning and organizational skills
Excellent customer/client service orientation
Polished and professional demeanor
Occasional travel to other offices and firm events
We're looking for someone who has application development experience combined with an understanding of Information Security and Secure Coding principles and experience implementing and automating them.
Minimum of 5 years of experience in Information Security with proven experience managing and implementing information security solutions
Bachelor's degree in Computer Science is required
To apply, please send us your CV in English.