Security and Risk Manager

Key Responsibilities

• Designs, develops, operates and manages security strategies, policies and programs to assess, prioritize, and mitigate business risk with technical and non-technical controls

• Responsible for embedding security early into the software development lifecycle through the delivery of secure development training and the incorporation of static code analysis and dynamic application security testing within the continuous integration / continuous deployment pipeline

• Designs and performs security assessments of systems to ensure they are operating securely, and that data is protected from both internal and external attacks. Ensures compliance to policies and procedures. Makes recommendations for preventive measures as necessary

• Manages the application vulnerability management process that ensures regular security testing of applications to identify network, infrastructure, and configuration vulnerabilities, and consistently tracks remediation of identified vulnerabilities

• Collaborates with development teams to identify and develop security champions and certifying non-security professionals on security concepts to embed application security expertise and advocacy within existing software development and quality assurance teams

• Provide support to strategic initiatives, programs, and projects by identifying information security risks, collaborating with project teams on determining and implementing mitigating controls, tracking timely remediation of issues

• Provide oversight, coordination and management of Security & Risk projects

• Provide security consulting and subject matter expertise with the evaluation, selection and implementation of new IT systems from risk, compliance and information security controls perspective

• Support Director of ITS Security & Risk on improving overall service and solutions across the firm

Experience Required

• We're looking for someone who has application development experience combined with an understanding, implementation and automation of Information Security and Secure Coding principles.

• Minimum of 5 years of experience in Information Security with proven experience managing and implementing information security solutions

• Bachelors’ degree in Computer Science is required

Skills and Attributes

• Excellent follow-up skills with attention to detail and ability to multi-task, have leadership presence, strong team-orientation and interpersonal skills, flexibility, and strong analytical skills

• Certifications in one of more of the following is a plus: Certified Information Systems Security, Professional (CISSP), Certified Ethical Hacker (CEH), Certified Secure Software Lifecycle Professional (CSSLP) or other equivalent certifications

• Track record of interfacing with and presenting results to senior management

• Possesses a comprehensive understanding of how risk management processes and other IT functions collectively integrate to contribute towards achieving business objectives

• Project management experience with a proven track record for managing security projects

• Excellent written and verbal communication skills

• Excellent planning and organizational skills

• Excellent customer\client service orientation

• Polished and professional demeanor

• Occasional travel to other offices and firm events