As an Application Security Expert in Corporate Third Party Oversight, you will ensure that a consistent and effective end-to-end risk management program is in place globally for third party-hosted applications. You will influence internal and external stakeholders to inform and ultimately mitigate third party application risk across the firm.
Job Responsibilities
- Drive the transformation agenda, including business justification and program build out.
- Partner with internal risk teams to support business as usual risk activities, reporting and project initiatives.
- Ensure risk impacting the business is effectively identified, quantified, communicated and remediated.
- Influence supplier adoption of the product vision, roadmap, and risk control objectives.
- Operationalize the Third Party Software Bill of Materials (SBOM) program.
Required qualifications, capabilities, and skills
- 5+ years of experience in Third Party Risk Management (TPRM) or Governance, Risk Management, and Compliance (GRC), Cybersecurity, Application Security, Cloud Security Architecture (SaaS, PaaS & IaaS) within a large enterprise-level environment
- 3+ years of experience using a broad set of technologies (e.g., servers, operating systems, applications, databases, hypervisors, virtualization management, containers, compute, storage, etc.)
- Strong leadership skills, ability to multitask, sense of ownership, attention to detail and quality, and ability to deliver on commitments
- Understanding of Secure Software Development Life Cycle (SSDLC) (e.g., coding requirements, risk assessments, threat modeling, static code analysis, and dynamic application scanning)
Preferred qualifications, capabilities, and skills
- Certification in Public Cloud Technology from a major Cloud Service Provider
- Experience with Software Bill of Materials (SBOM)
- CISSP, CISA, CISM, CCSP or CRISC certification