
Director - Application Security

Date Posted: Jul 2, 2019

Location: Cary, NC, US, 27513

Company: MetLife

Job Location: Cary, NC


Role Value Proposition:

The Director of Application Security Governance plays a key role in creating, maintaining, and enhancing application security practices, and in activating and facilitating IT Risk and Security policy and controls throughout the US Application Development organization. The Director acts as an interface between the organizations led by the Chief Information Security Officer (CISO) and the Chief Information Officer (CIO). This role helps to balance the risk- and policy-based requirements set by the CISO with the business-led activities and programs set by the CIO. In this capacity, the Director of Application Security Governance must be able to drive objectives that enhance security controls and standards while balancing business priorities and constraints. Central to the US CIO team, and covering all the Lines of Business in the US, this role is responsible for forming plans that improve application security and for tracking and reporting metrics related to security compliance. This includes working with Application Security Champions and Application Security on the identification, prioritization, and resolution of application vulnerabilities and flaws.


Key Responsibilities:

  • Support the implementation of application security practices, provide regular status reports to senior management, and facilitate the governance and resolution of application vulnerabilities in the US portfolio.
  • Work with Application Development managers and Security Champions to create application security plans and roadmaps that follow IT Risk and Security policies and standards; support them in understanding and responding to internal audit reviews and legal and regulatory compliance efforts, and in addressing any identified findings.
  • Ensure that security measures are incorporated into strategic application plans and that Application Development and IT Risk and Security expectations and activities are well balanced and properly defined.
  • Assist in prioritizing the remediation of vulnerability flaws based on the risk profile of the applications and the criticality of the vulnerability, and provide guidance as needed through the Application Security Champions.
  • Work with the CISO to develop security projects and activities that address identified risks and business security requirements, incorporating a perspective on the implications of these activities and projects for the application environment and the US business.
  • Develop, track, and report on relevant application risk and security metrics to drive prioritization and accountability for security flaw remediation as well as security performance.
  • Accountable for the organization's adoption of processes and tools to identify security flaws, and for establishing practices that raise application security levels.
  • Be the liaison between Application Development, the Application Security Champion Lead, Internal Audit, and IT Risk functions. Coordinate operational activity including risk assessments, plans for closure of risk findings, disaster recovery compliance, and associated line-of-business reporting. Participate in security assessments of US applications and IT infrastructure as part of the organization's overall risk management practice. Manage the list of in-scope applications, their timelines, and their compliance with vulnerability testing.
  • Provide relevant stakeholder communication, including policy changes, risk awareness, and security training, as well as creating a strategy to support adoption of new IT risk tools, processes, or organizational changes.
  • Work with Security Champions to enhance the DevSecOps model by advocating for secure coding practices and standards and ensuring they exist and are communicated.
  • People manager of a small team.


Candidate Qualifications:

Required

  • Bachelor’s degree in computer science, information systems or related field, or equivalent work experience.
  • 7+ years of related IT experience, with 5 years in an information security role and at least 2 years in a supervisory role. This role requires an individual with both a strategic and an IT risk background.
  • Experience with threat modeling methods and data analysis.
  • Familiar with frameworks such as COBIT, ISO 27001/2, NIST Cybersecurity.
  • Strong leadership skills and ability to work effectively with a multi-disciplinary set of stakeholders across different levels and with minimal supervision.
  • Strong understanding of the business impact of security tools, processes, and policies, as well as high proficiency in assessing application risk and business impact, identifying control and vulnerability assessments, and defining treatment strategies.
  • Familiar with tools like Archer, Veracode, and Primeon.
  • Team player; able to work collaboratively and effectively with and through others at all levels in an organization; proven ability to influence others and move toward a common vision or goal.
  • Excellent problem-solving and analytical skills; ability to identify root causes and think strategically and critically to develop solutions to complex problems. Resilient and tenacious, with a propensity to persevere.
  • Organized, with a natural inclination for planning and attention to detail and accuracy; a continuous-improvement mindset.

Preferred:

  • MBA or MS in information security
  • Building/maintaining application roadmaps
  • Professional Certifications: CISA, CISM, CSSLP, CISSP applied to software development lifecycles
  • OpenPages GRC
  • Experience with compliance requirements for HIPAA, PCI, SOX, and NYDFS


Business Category

Regional Application Development


Number of Openings

1


At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.


MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

MetLife maintains a drug-free workplace.

For immediate consideration, click the Apply Now button. You will be directed to complete an online profile. Upon completion, you will receive an automated confirmation email verifying that you have successfully applied to the job.

Requisition #: 110410

Nearest Major Market: Raleigh