The Product Security Risk Management Director is responsible for designing and executing the product security risk program. This position will be the single point of contact for multiple product teams, influencing and advising them on how to implement the product security policies early in the development life-cycle, and will continually review and update security policies with the Security Program & Governance Director. This position requires a solid foundation in program management skills, a high degree of organization, and a strong awareness of information security concepts. Familiarity with security testing and response planning, as well as current industry trends in information security, is highly desirable.
Scope: Responsible for the design and execution of the Product Security Risk Management Program. The director, reporting to the CISO, will coordinate with the SVP/HR and Business Unit leadership to support change management efforts across the corporation. The scope of the responsibilities is corporate-wide, responsive to the direction of the CISO and closely aligned with the SVP/HR, who has executive sponsorship over the Product Security Risk Program.
- Collaborate with product teams to identify potential features, architecture changes, and mitigating strategies to improve the security of products
- Work closely with the Business Information Security Manager and BU teams to develop threat models for products
- Manage and drive security bugs to resolution
- Track and chart progress of issues and projects from conception to completion
- Effectively manage reported software vulnerabilities affecting RA products, including communication to the ICS industry, government agencies, and the customer base
- Serve as the public face of the CISO office in working with customers and business partners to understand and resolve product security concerns
- Serve as lead security representative for all information security issues relating to government bodies such as the Department of Homeland Security, the United States Secret Service, the Federal Bureau of Investigation, etc.
- Work with governing bodies to assist in and contribute to the drafting of ICS security standards and product development standards
- Support the Legal department and the CISO in projects related to information security risk from third parties that are part of the supply chain, including sales channels, suppliers, and technology partners
- Coordinate with RA Public Relations and Marketing
- Act on behalf of the CISO/BU for PR/commercial messaging to the industry
- Researchers and security community:
  - Assistance with vulnerability/threat response
  - Assistance with DfS
- BS/MS in Computer Science or a related field.
- Minimum of 10 years of relevant technical and program management experience.
- Familiarity with threat modeling, code review, and penetration testing methods.
- Up-to-date knowledge of current and emerging application security threats and of techniques for exploiting application vulnerabilities.
- A deep understanding of architecture-level security concepts.
- An awareness of information security concepts.
- The ability to create functional processes for managing communication.
- Strong project management skills.
- Excellent written and oral communication skills.
- Experience with Secure Software Development activities.
- Self-motivated, independent, and works well within and across functional teams.