Desired Skills and Experience

  • Provide leadership and guidance in appropriately securing business applications owned, used, and provided by the firm
  • Provide thought leadership and offer innovative ideas and solutions to resolve systemic software security issues
  • Create execution strategies that focus on embedding security controls into existing developer and tester practices and methodologies to enhance effectiveness
  • Lead and participate in cross Line of Business working groups and committees to review and approve proposed architecture and support presentations to various leadership groups
  • Manage a diverse organization of technologists focused on defining intelligence-led enabling solutions
  • Define differentiated Cyber controls (standards) for application environments understanding the complex and diverse nature of Experian
  • Manage applicable standards and procedures translating security requirements into easily understandable requirements
  • Maintain a deep understanding of the core discipline(s) that you support (SME)
  • Provide senior level updates to various Operating Committees
  • Responsible for coaching and mentoring Cybersecurity professionals
  • Collaborating with business and technology partners to understand the firm’s business goals, use of application development processes and related tools
  • Success will be measured by the comprehensiveness of associated standards and controls and the ability to mitigate emerging threats
  • Drive application security design principles and requirements processes to enhance the firm’s ability to streamline software delivery
  • Establish and enhance firm-wide software security modeling and assessment methods to ensure adequate protection of the firm’s assets
  • Assessing secure development approaches, requirements, and evaluating existing solutions and providing strategic direction towards enhancements
  • Enhance current inventory of security features and libraries
  • Continuously enhance the security standards based upon existing and emerging technologies and threats, translating the standards into requirements and solutions
  • Create a global inventory of common reusable security components, defining a new program for identifying, managing, adopting and maintaining them
  • Create a capability to identify, assess and solve difficult security design problems
  • Identify best practices and solutions to establish approved security features and frameworks
  • Find and publish mature security design patterns and implementations from within the organization
  • Play a key role in building and maintaining a firm-wide cyber threat catalog used by multiple processes, people and tools
  • Drive automation of cyber processes and tools that impact the software development lifecycle in collaboration with the firm development office
  • Providing support in guiding business and technology partners on application security
  • Sharing of information about secure system development practices, risks, and interpretation of industry standards within the firm, and externally as a representative of the firm
  • Deliver webinars and evangelize application security across the enterprise environment
  • Coach and mentor junior team members
  • Experienced leader who demonstrates results in matrix organizations
  • 5+ years of experience in application security and secure systems development lifecycles
  • Security Design Reviews or Architecture Risk Analysis
  • Threat Model Patterns for applications and business processes
  • Identifying emerging risks and vulnerabilities beyond the common OWASP, NIST, SANS inventories
  • System software and organizational design standards, policies, and authorized approaches (e.g., ISO) relating to system/application design.
  • Software design tools, methods, and techniques
  • 3+ years of experience in application development, architecture or engineering
  • Bachelor’s degree in Computer Science, Computer Engineering, or related field required
  • Direct involvement in application security assurance programs
  • Experience with developing & supporting application security strategy, architecture, and standards
  • Solid understanding of application security enabling technologies across the development lifecycle
  • Knowledge of application development & deployment strategies and concepts
  • Skilled in Threat Model methodologies and approaches such as STRIDE, Attack Trees
  • Certifications such as CISSP, CSSLP, Cloud Architect – highly desirable
  • Ability to build and manage a highly motivated and innovative technical team
  • Ability to work under pressure in time critical situations
  • Ability to resolve conflict in a collaborative manner
  • Ability to manage, develop and design global organizations effectively
  • Must be a driver of change and have strong influential skills
  • Excellent written and verbal communication skills, including the ability to independently and effectively participate in strategic discussions / meetings with senior level peers across the firm
  • Ability to communicate effectively with business and technology representatives in articulating strategies and impact