ISP Manager

Job Description

Summary The Information Security Practice Manager is responsible for developing, managing, and putting the process into practice of Information Systems Application Security, Network Infrastructure Security, Identity & Access Management, Security Governance, and Security as Service. The role is also responsible for defining & practicing Secure SDLC Process & periodically perform Security Compliance Audit including cyber security, disaster recovery, database protection, and software development. Responsibilities

• Integrating security tools, standards, and processes into the Product Application lifecycle (ALC), Data Protection, Secure Network & Infrastructure Operations, and Access Management.
• Ensuring that developers and QA personnel are trained with appropriate level of security knowledge to perform their daily activities.
• Improving and supporting usage of application security tools, custom scripts, deployments for static analysis (SAST), and runtime testing tools (DAST).
• Improving and maintaining secure development standards, aligned with industry defined security standards.
• Initiating and supporting incident response and architecture review processes whenever application security expertise is needed.
• Managing periodic Application Security Review & Testing services including Penetration testing for consulting and managed services.
• Managing application framework and perimeter security improvement projects.
• Integrating threat modeling practices into the Software Application Product life cycle, Data Protection, Secure Network & Infrastructure Operations, and Access Management.
• Producing periodical metrics reporting the state of application security programs and performance of development teams against requirements.
• Must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 WASC TCv2 and CWE25 to any audience, and discuss effective defensive techniques.
• The ideal candidate has experience writing and testing web applications and web services in the following programming languages CC++, Java, and JavaScript. The candidate should have familiarity with a variety of development and testing tools, including Eclipse, GIT, GCC, JIRA, Subversion, Maven, ClearQuestCase, Silk, FindBugs, HPFortify SCA, IBM AppScan, and HP WebInspect.
• Familiarity with industry standards and regulations including PCI, FFIEC, SOX, and ISO27001 is desired.
• Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.
• Managerial Skills
  • Must have a strong background in information technology and information security practice.
  • Require excellent analytical and problem-solving abilities to identity and fix security risks.
  • Build understanding and awareness of security issues throughout the organization.
  • Must have excellent communication and presentation skills.
  • Good teamwork skills to develop security solutions in collaboration with other information technology professionals.
  • Responsible for the security governance and ensure adherence application security control and risk analysis of organization client applications.
  • Managing periodical security meetings and coordinating, training for development staff.
  • Manages offshore ISP team to ensure that all applications are functional and secure.
  • Supporting for ISP expansion plan by coordinating with management and various teams including business, support, and delivery teams.
  • Must have strong leadership skills and be effective managers of highly technical individuals.
  • Demonstrable ability to influence decision making processes at all levels across organizations will be critical to success.

Keyskills :
secure sdlcproduct life cyclerisk analysisweb serviceslife cycleidentity access managementcyber securityiso 27001information security consultingtesting toolssecurity tools