Sr. Director, Product Security
- Build and lead a high-performing Product Security team and drive efforts to address internal, external, and emerging application security risks throughout the organization.
- Work on key areas to develop baseline cloud, container, and application security standards and integrate them into the CI/CD pipeline.
- Develop key partnerships with executive leadership, engineering, and product teams to enhance the organization’s security program.
- Assess, design, implement, automate, and document security solutions and processes for K8s and Cloud environments.
- Leverage Agile methodologies to design, develop and deliver application security strategy, throughout the CI/CD lifecycle, including but not limited to the operating model, staffing and execution plans as needed.
- Implement "security as code" using cloud services and CI/CD components and integrations.
- Work with the Software Engineering teams to ensure that application security risks are effectively identified using market leading tools such as SAST, DAST, SCA etc., and appropriately with the right balance between security and operations.
- Be a product security evangelist who can translate security concepts into language that is meaningful to varying audiences, including business and technical leaders.
- Integrate new and existing security tools, standards, and processes into the development life cycle, including static analysis and runtime testing tools.
- Conduct business level security architecture assessments to evaluate existing security program and cloud application architecture, identify weaknesses and make recommendations.
- Ensure appropriate developer security awareness, culture, and mindset through a variety of outreach programs.
- In partnership with Software Engineering teams, Release Management, and SRE, design, implement, and maintain a Secure Development Lifecycle as part of the organization’s SDLC.
- Manage security assessments, penetration testing, and bug bounty programs to ensure the continuous security oversight of the RMS environment, platforms, and applications.
- Lead the team in the development and evolution of security roadmaps, embodiment of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger information security team.
- Working closely with business groups and the engineering manager, this role will enable the architects to define and deliver innovative architectures to support the continued maturity growth and efficiency of RMS’s information security services.
Other Key Management Responsibilities:
- Hire, grow and retain team members to expand the team and its capabilities within the organization.
- Act as an advocate for mentoring and technical career growth in the information security organization.
- Act as a liaison with other internal RMS teams for driving new capabilities, product investments, and research to fill coverage gaps.
Required Experience/Skills & Education:
- Extensive background in Product Security management and implementation in an Agile and CI/CD environment leveraging Cloud architecture and technologies (AWS primarily but including Azure).
- Technical experience with design and implementation of security containers, including Kubernetes.
- Minimum of 8 years progressive experience in an information security management role, with an emphasis in one or more of the following areas: Security Architecture, Security Engineering, Security Product Management, Software Engineering.
- Demonstrated understanding of Software Engineering and Development technologies, methodologies, and implementations.
- Minimum of 7 years’ management experience leading high visibility/impact functions, including the management of senior technologists and architects.
- Strong background in ensuring secure application development, from front-end sites, API layers, and data management layers.
- Technical experience with various authentication schemes, SAML integrations, federation of trusts, etc.
- Strong background in securing SaaS platforms, and other multi-tenant, Cloud-architected environments.
- Extensive background in information security services and operations and the people, process, and technology components that make them successful.
- Significant experience in fulfilling business needs through the development of solutions through well-organized processes.
- Experience in client-facing discussions with new and existing customers to discuss security controls and implementations.
- Significant Service Management and/or vendor management experience.
- Must be able to communicate at a technical and business level, and be a bridge between the two.
- Appropriate certifications a plus.
About RMS
There’s a 1% chance an earthquake will cause $50 billion of insured loss within the next 12 months and a 5% chance that a hurricane will cause $60 billion of insured losses next year. At RMS, we turn risks into real numbers. How? By building simulation models that allow insurers and investors to understand and manage their global risks--from hurricanes, quakes, and wildfires, to cyberattacks, terror attacks, and pandemics. Why? We want to build a more resilient world, and we’re on a mission to help make every risk known. Insurers, reinsurers, investors, financial institutions, governments, and NGOs trust RMS solutions to better understand and manage catastrophe risks.

RMS was founded in 1989 by Stanford scientists who created our first model for California Earthquake. Today, RMS has some 1,300 employees across 13 offices in the US, London, Bermuda, Zurich, India, China, Japan, Singapore, and Australia, and over 1,000 products and models now covering six continents. RMS helped pioneer the natural catastrophe model market we now lead – and we continue to innovate. In May 2019, we announced RMS Risk Intelligence™ (RI), an open-standard platform for strategic risk management. Through this purpose-built platform, clients can tap into RMS HD models, rich data layers, intuitive applications and APIs that simply integrate into existing enterprise systems to support business decisions across underwriting, risk selection, mitigation, and portfolio management.

How we understand and manage risk affects everyone and our passion is nothing less than creating a more resilient world through a better understanding of catastrophic events. Join our team of leading scientists, developers, industry experts, and world-class professionals. Together, RMSers make a difference on a truly global scale. Visit RMS.com to learn more and follow us on LinkedIn and Twitter.

RMS is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without regard to race, color, creed, gender, religion, marital status, registered domestic partner status, age, national origin or ancestry, physical or mental disability, genetic characteristics, sexual orientation, or any other classification protected by applicable local, state, or federal law.

To all recruitment agencies: RMS does not accept unsolicited agency resumes and will not be responsible for the payment of placement fees related to unsolicited resumes submitted to open positions, job aliases, or to our employees.