Title: Information Security Sr. Manager, Application Security
Department: IT Security
Reports to: CISO
Supervises: IS Sr. Analyst, IS Analyst
Responsible for working with the information security management team to administer the Company’s information security programs; maintain Sarbanes-Oxley, HIPAA, and PCI DSS compliance programs; and support a variety of security systems and applications. Recommends, designs, implements, and administers information security controls that meet dynamic tactical and strategic information security objectives.
Responsible for managing the application security team and associated program including, but not limited to: application security standards definition, publication, awareness and training, and compliance; application security testing, tracking, reporting, and escalation; application security regulatory compliance management; application security risk monitoring, analysis, and reporting; application security risk mitigation planning and coordination; and budget planning, invoice management, personnel management, financial management, vendor relationship management, etc.
Duties and Responsibilities:
Knowledge, Skills, and Abilities:
Work Experience and/or Education:
College degree or equivalent experience in information security, with a minimum of six years of information security experience focused on application security. Active CISSP, CISA, or CISM certification preferred.
Extensive hands-on experience in static and dynamic application security testing using a variety of manual testing methods, commercial and non-commercial tools, best-practice security frameworks (e.g., OWASP ASVS), etc.
Extensive experience holistically managing application security risk associated with architecture, design, operations, and support.
Foundational experience with host operating systems, networking principles, web application firewalls, and associated security controls; network/system vulnerability scanning tools; security information and event management (SIEM); privileged user management (PUM); and governance risk and compliance (GRC).