Application Security Manager
JOB DESCRIPTION
I. Basic Purpose of Position
Provide application security subject matter expertise to the design, development, deployment and maintenance. Lead, manage and oversee individual security projects related to the program under the direction of the Senior Manager. Effectively represent and communicate security interests to team members and OIM colleagues.
II. Specific Functions
Describe the major responsibilities in order of importance.
Provide detailed application security subject matter expertise to the program team on development security, secure design of application components, integration of applications into a secure infrastructure, maintenance procedures, application operations and other related areas.
Organize, manage and/or execute security projects related to the application, including application component design, security assessments, security training, communications, etc.
Contribute to the definition, maintenance and execution of the security strategy.
Assess risk in development, deployment and maintenance of. Analyze risk issues and evaluate implications from a business perspective, across the Audit business processes, data flows between systems, and devices within and across national boundaries.
Coordinate with the team throughout the Systems Development Life Cycle to facilitate integration of security components into overall approach
Effectively communicate security approaches, issues and status to colleagues at all organizational levels including Executive, oversight committees, program boards, management groups, technology teams in a geographically distributed international environment.
Manage execution, costs, dates and work product quality of security consultants
Supplement the existing security life cycle methodology with appropriate security artifacts and activities
Contribute to the development and ongoing maintenance of the global security requirements and communicate those requirements and good application security practices to relevant parties
III. Education
Specify the level of formal education required to perform this job at an acceptable level. Include any specialized or vocational/technical training, Certificate or Diploma programs, or supplemental coursework.
· Undergraduate degree in Information Technology, Computer Science, or related field
· Information security and industry certifications beneficial, including CISSP
IV. Knowledge, Abilities and Skill Expectations
List any specialized knowledge or functional expertise necessary to perform the job at an acceptable level. Examples include: computer software, analytical abilities, negotiation skills, presentation talents, organizational aptitude, etc. Provide examples that clearly illustrate the scope of each expectation listed.
1. Detailed experience and expertise in the secure design / development of enterprise scale business applications
2. Comprehensive understanding of application security practices, approaches, designs and implications.
3. Good overall technology security background, with strong expertise in technology security best practices, trends, vulnerabilities, controls and related issues
4. Experience in the analysis, design, development and deployment of secure processes, data handling and application architectures for a multi-national/global enterprise
5. Expertise and understanding in business justification for security and possessing the ability to effectively communicate (written, verbal and presentation skills) to a broad range of audiences
6. Able to successfully operate in a complex, matrixed, global, virtual, 24/7 organization where persuasive arguments and collaboration are the typical methods used to reach objectives
7. Strong analytical and organizational skills in order to respond and address security activities in a creative, logical and timely manner
8. Ability to manage resources and complex projects for quality, time and cost
9. Poise, confidence, and executive presence
10. Good business acumen
11. Self-directed and able to operate with little direct oversight
The level of autonomy and responsibility requires an individual with a proven track record of success.
VI. Interpersonal Relations
Provide details relating to the breadth and depth of skill level expected in this position. Areas assessed should include: frequency, duration, goals, effectiveness, impact, sensitivity and participants of interactions
1. Individual must possess poise, confidence and excellent communication skills.
2. Effectively communicate and collaborate with program leaders, business representatives, oversight committees, technology leaders and a global audience.
3. Collaboration and persuasion are essential to success.
4. Ability to correctly assess situations and make decisions affecting the most significant firm systems.
5. Effectively prioritize multiple commitments and meet expectations of colleagues while managing a variety of simultaneous efforts.
6. Balance good security practices and operational/technical realities. Able to use initiative and make decisions taking into account the needs and expectations of all stakeholders. Leverage relationships in order to persuade and influence staff from multiple teams to ensure quality results.
VII. Position Authority and Responsibility
This person manages the security architecture, design, development and deployment activities for a mission-critical, custom-built business application that will be used by 40,000 auditors across more than a hundred countries that are presently generating >$10B in annual revenue. This affords them global visibility, access to development opportunities and expertise, developing their functional competencies while delivering project results.
Annual budget responsibility
Authorization level
Size of service population (if applicable): (Headcount)
Number of people supported: (Headcount)
VIII. End Results
Decisions made contribute to the security of a critical application essential to the largest business unit on a global scale. Actions are noticeable beyond the department.
IX. Supervisory Responsibility
Indicate which skills are: (1) constantly required, (2) frequently required, (3) occasionally required, (4) beneficial but not required, (5) not required for this position.
Directing tasks of others: 1 2 ✓ 3 4 5
Scheduling work groups: 1 ✓ 2 3 4 5
Planning employees’ schedules: 1 2 3 4 ✓ 5
Supervising projects: 1 ✓ 2 3 4 5
Hiring or terminating employees: 1 2 3 4 ✓ 5
Evaluating performance of employees: 1 2 3 ✓ 4 5
Consulting with direct reports: 1 2 3 ✓ 4 5
Guiding direct reports: 1 2 3 ✓ 4 5
How many individuals report directly to this position?
0
Indicate below the titles and respective levels of these individuals, or attach an organization chart.