The Lead, CyberSecurity Policy and Standards evaluates, tests, recommends, develops, coordinates, monitors and maintains information systems (IT) and cyber security policies, procedures and systems, including access management for hardware, firmware and software. The Lead, CyberSecurity Policy and Standards works on problems of diverse scope and complexity ranging from moderate to substantial.
The Lead, CyberSecurity Policy and Standards ensures that IT and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall IT and cyber security. Identifies security risks and exposures, determines the causes of security violations and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting IT and cyber security risk assessments and compliance audits, the evaluation and testing of hardware, firmware and software for possible impact on system security, and the investigation and resolution of security incidents. Implements IT and cyber security policies and takes measures against intrusion, fraud, attacks or leaks. Advises executives to develop functional strategies (often segment specific) on matters of significance. Exercises independent judgment and decision making on complex issues regarding job duties and related tasks, and works under minimal supervision. Uses independent judgment requiring analysis of variable factors and determining the best course of action.
- Mentor individuals and teams, working with resource managers on potential coaching situations.
- Advance the adoption of new techniques, tools, and processes to streamline delivery capabilities.
- Audit and provide feedback to team members regarding standards adherence, design principles, and expected patterns of work.
- Ensure reviews and testing procedures associated with security reviews are properly documented
- Establish best practices for secure code development and testing
- Assist in development of an education curriculum to be utilized by the Solution Engineering teams for secure coding practices
- Conduct application assessments to find and exploit vulnerabilities in applications
- Bachelor’s Degree in Information Technology, Computer Science or a related field
- Six+ years of experience designing, developing, and testing of software applications and/or infrastructure
- Experience with unit testing and mocking
- Experience in threat modeling
- Experience in developing secure code and application security standards
- Experience conducting application security testing and source-code reviews
- Experience with risk-based testing
- Applied knowledge of health solutions processing
- Experience with the technologies in use in the application(s) or infrastructure
- Master’s Degree in Computer Science, Information Technology or a related field
- Experience performing web vulnerability assessments, application penetration testing and using penetration testing methodologies including the use of forensic tools/methods
- Experience creating source code per OWASP or other secure coding guidelines
- Experience exploiting OWASP vulnerabilities and executing arbitrary code to test processes
- Experience with cryptographic techniques such as cryptographic algorithms, key management and rotation processes, and secure key storage
- Experience with developing enterprise-wide secure code testing strategy
- Certifications CISSP (Certified Information System Security Professional); ethical hacker; ISTQB (foundation, agile, test manager, test analyst, tech test analyst, etc.)
- Experience with SAST and DAST technologies including IBM AppScan, CheckMarx, Secure Assist, NowSecure, Burp Suite
Equal Opportunity Employer
It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact firstname.lastname@example.org for assistance.