Director, Application Security

Product Bangalore, India Chennai, India


Description

Director, Application Security

Bangalore, India or Chennai, India

 

The Opportunity:

Anthology offers the largest EdTech ecosystem on a global scale, supporting over 150 million users in 80 countries. Our mission is to provide dynamic, data-informed experiences to the global education community so that learners and educators can achieve their goals.

 

We believe in the power of a truly diverse and inclusive workforce. As we expand globally, we are committed to making diversity, inclusion, and belonging a foundational part of not only our hiring practices but who we are as a company.

 

For more information about Anthology and our career opportunities, please visit www.anthology.com.

 

Anthology’s Security Program leads the engineering and operation of technology to monitor and enhance the confidentiality, integrity, and availability of all information systems and products. We are building a team based on frictionless interactions with our partners across the corporation leveraging transparency, trust, and collaboration to elevate Anthology security through partnerships.

 

As Director of Application Security, you will report to Anthology’s Chief Information Security Officer and will be responsible for managing the people, processes and technologies that enable our global development teams to meet Anthology’s stringent security requirements in support of our clients’ objectives. You will be responsible for building and maintaining relationships with key leaders and stakeholders on our product and technology teams, advising them on control requirements and posture, and driving the shift-left mindset as part of your roadmap. The ideal candidate is a proven leader with experience in program management and expertise integrating application security tools and practices into a product organization.

 

The Candidate:   

Required skills/qualifications:   

  • 10-12 years of prior relevant experience
  • Experience expanding and operating scalable DevSecOps programs as integrated components of the SDLC across multiple information systems and products in a global organization
  • Strong knowledge of common application security vulnerabilities, including those cataloged in the OWASP Top 10, SANS CWE Top 25, and implementing processes to prevent, detect, mitigate and remediate vulnerabilities as an ongoing program
  • Ability to lead and grow a highly technical team of application security experts as collaborative partners to our software development teams
  • Ability to communicate security posture, risk, and mitigation strategies to technical and non-technical audiences, and act as an evangelist of security objectives to influence decision making at senior management levels in support of business risk management processes and compliance objectives
  • Ability to achieve successful outcomes across multiple product teams utilizing a mix of technology stacks
  • Experience with development, communication and maintenance of KPIs to drive continuous improvement and demonstrate mutual success
  • Experience integrating security tools to CI/CD pipelines and driving automation of the testing cycle
  • Experience in software engineering and/or product architecture roles, with a working knowledge of application security architecture
  • Experience managing technology vendor relationships as an extension of the team and execution of planned projects on schedule and on budget
  • Experience participating in annual budgeting processes and recurring forecasting
  • Experience managing improvement projects and communicating project risks effectively
  • Experience with supporting the maintenance of client collateral in support of sales and renewal cycles
  • Fluency in written and spoken English
  • Minimum of bachelors’ degree in Computer Science or a related field

 

Preferred skills/qualifications:   

  • Familiarity with compliance standards and control catalogs including ISO 27000 series, NIST 800-53, PCI DSS                    

 

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.   

 

Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.