Information Security Application Security Manager
Careerbuilder - Parsippany, NJ
This job is no longer active.
Job Summary
- Company: Careerbuilder
- Location: Parsippany, NJ, US
- Job Type: Regular
- Job Classification: not provided
- Experience: not provided
- Education: not provided
- Company Ref #: J3H05969HLZX0Y009GSJ3H05969HLZX0Y009GS
- AJE Ref #: 555814967
Job Description
The Information Security organization has an opening for a skilled Application Security lead to serve as the leader of a team of skilled Information Security professionals.
We are seeking an experienced information security leader who will energize a group of information security professionals and lead the Application Security Assurance activities across the firm. The successful candidate should have a strong track record of cultivating business relationships and developing effective teams. A technical background is important, including the ability to converse in technology infrastructure, application, network and information security-related issues. Strong written and verbal skills are also a key to success.
This role reports to the Head of Technology Assurance, and is expected to interface across the entire IT environment (including architecture, development, infrastructure/engineering, and operations).
The position will be responsible for the following:
- Provide application consulting services to business units on a variety of application security products, including web application firewalls, application authentication, application load-balancing, application optimization, and data leakage prevention.
- Assess and design application architectures to provide application security recommendations to business units.
- Partner with Security Architects and provide security subject matter expertise in reviewing the architecture of the key business unit programs during the design phase.
- Act as escalation point for issues.
- Make sure that stakeholders are kept adequately informed about progress throughout the program.
- Liaise with businesses to better understand security risks and needs in context.
- Identify opportunities for process improvement at both the Corporate and Business Unit level.
- Prioritize program deliverables and manage day-to-day team workflow.
- Identify and evaluate business and technology risks, controls which mitigate risks, and related opportunities for control improvement.
- Select and tailor approaches, methods and tools to support the IS program and related sub-projects.
Requirements:
Required Skills, Knowledge and Experience:
- 8+ years of experience in IT risk management, compliance, controls and/or information security.
- Undergraduate degree required.
- A confident, dynamic individual capable of defining, building, and matrix managing a global program across technology and business organizations in a constantly evolving environment.
- Customer-oriented, resourceful and enthusiastic.
- Experience performing security gap assessments and producing executive management reports on current practices that expose an organization to security risks.
- Experience with an organization's application security due diligence efforts when entering into third party relationships a plus.
- with application security, ethical hacking or application penetration testing methods, tools, and techniques, along with other types of application assessment.
- Strong understanding of application security issues, especially web-based applications.
- Understanding of common application security issues including OWASP top 10, SANS 25 etc.
- Understanding of software development lifecycle (SDLC) including Agile.
- Subject matter expert on technology risk management with complete understanding of security methods and technical elements i.e., access controls in the operating system, application and network environment, firewall, SSL, IDS, VPN, DMZ, encryption, digital certificates, biometrics, monitoring tools, mobile data protection, enterprise DRM.
- CISSP and/or CISM required.
- CSSLP a plus.
