Job Description: Summary
Reporting to the Director, Architecture & Engineering, this incumbent has broad management responsibility for developing and implementing a comprehensive enterprise cyber security engineering program that includes the oversight and execution of the application security and process engineering discipline. This incumbent is responsible for oversight of the Security Systems Lifecycle Management process including identification of inefficiencies and vulnerabilities within IT management processes consistent with Architecture & Engineering goals, industry standards, and technology resources. The ideal candidate possesses a unique blend of project management and technical skill. The candidate will lead and drive key security workflow automation and remediation management efforts. They will partner with supporting resources to meet key strategic objectives, produce various required deliverables and support all required planning efforts while working to evolve an effective, comprehensive process. The role collaborates with peer GIS groups, Mobility teams, end user computing group, internal business partners, and third parties to align resource assignments with incoming project demand and ongoing operations. Responsible for the development and alignment of the mobile and endpoint security technology roadmap in accordance with strategic GIS goals. Remote/Virtual location is possible.
Responsible for development, oversight of implementation and ongoing operation of Security Systems Lifecycle Management
Mentor, coach, develop and support team members of the Application Security Engineering group.
Develop strategy for a global, scalable, and optimal set of security solutions to support Security Systems Lifecycle Management
Partner with key technical teams and stakeholders to organize and facilitate security workflow and process automation alignment discussions
Serves as a resource to requestors of IT demand and project leaders to educate and assist them with implementing and complying with security requirements and workflow processes
Create, update, manage and distribute updated security requirements, workflows, roadmaps and their respective detail through various tracking and reporting means.
Oversee the regular review of current security processes, design and configuration to ensure those adhere to industry best practices, security standards and foster continuous improvement
Establishes and maintains process governance for security standards across the various engineering-related organizations
Proactively plans, coordinates and leads detailed training sessions with other security associates and stakeholders to educate on process changes, new tools/systems etc.
Guide team members in the use of monitoring and troubleshooting tools to evaluate and resolve complex issues across a wide variety of network and infrastructure security solutions.
Deliver services that meet BD security and project quality specifications
Ability to take initiative to communicate, interact, and collaborate with others to ensure that all aspects of a task are addressed
A strong understanding of information and cyber security principles and best practices
Strong understanding of the security requirements lifecycle process and software development lifecycle (SDLC)
Proven experience and understanding of security analytics
Proven expertise in developing and implementing processes, process integration and process changes
Ability to develop and nurture strategic relationships with key stakeholders throughout the organizations.
Ability to pick up new products and platforms quickly, transferring skills and best practices when needed
Flexibility, ability to plan and organize, responsiveness, creativity, self-starter
Able to build solid working relationships with peers and senior leadership
Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organization
Experience with the oversight of, and building working relationships with, Managed Security Services providers, as well as other integrated vendors and third parties included in operations.
Proven experience in leading, organizing, prioritizing and communicating tasks for security engineers.
Excellent security engineering aptitude and the ability to provide technical mentorship and guidance
Strong interpersonal skills with the ability to effectively present information and develop others.
Minimum of 5 years of technical writing and report generation
Minimum of 7 years of managing teams and third-party resources
Minimum of 7 years of enterprise IT security risk assessments and related frameworks (e.g., ISO 27000 series, NIST 800 Series, COBIT, IT General Controls, etc.)
Minimum of 2 years of conceptual knowledge of the following regulations: PCI, Sarbanes-Oxley, HIPAA, GLBA, FISMA
Knowledge of project management processes (PMI, PRINCE2)
Certified Application Security Engineer (CASE) certification
Industry recognized certification in security (e.g., CISSP, CCSK, CISA, CISM, CEH, etc.)
Experience in IT Security Testing (e.g., penetration testing, web application security assessments, vulnerability assessments and technical security assessments)
Knowledge of security frameworks (ISO, NIST, COBIT)
Experience with implementing Security Systems Lifecycle Management processes into overall IT Management Processes
Experience with security system life cycle management solutions for applications, network and infrastructure
Primary Work Location: USA NJ - Franklin Lakes
Additional Locations: USA CA - San Diego (BDB), USA CA - San Jose, USA MD - Baltimore, USA NC - Research Triangle Park, USA TX - San Antonio, USA UT - Salt Lake City
BD (Becton, Dickinson And Company)