Program Manager, Product Security

Software Support Plano, Texas United States


Description

This position will drive the execution of Enterprise Information Security (EIS), cyber risk management activities, and compliance in the Courts & Justice Division, including all processes and strategic/tactical security improvement initiatives. They will help us protect the data platform we provide to government clients by advocating on behalf of the Division for improvements in secure business operations. This candidate will be responsible for planning, documenting, and managing information technology (IT) and cybersecurity projects, including implementing methods and metrics to track the progress and success of these security initiatives. They will serve as a key incident response team member during security incidents. As a member of the Central Operations team, this person will collaborate within the division and across the Enterprise to standardize and operationalize our security programs and create efficiencies.

Responsibilities

  • Utilize an industry-standard project management approach to facilitate, track and streamline division-wide information security projects. Work independently to manage projects executed by Security, IT, Engineering, and other departments that perform security-sensitive work

  • Organize and prioritize security operations requests through internal and external channels

  • Organize information security risk assessments, security compliance audits and cybersecurity audits for the division, communicate results and security practices internally and externally to clients as needed, and coordinate the completion of prescribed remediation post-assessment to improve the division's security maturation in line with corporate expectations and timelines

  • Develop and evaluate compliance with programs and processes to mitigate cybersecurity risk and ensure protection of company systems and reputation

  • Participate in establishing information security audit procedures relevant to applicable compliance standards, regulations, and international data privacy laws

  • Resolve or manage the divisional resolution of security issues escalated from corporate security

  • Collaborate with corporate security and engineering teams to analyze and assess vulnerabilities in our products and mission-critical applications across our on-prem, hybrid, and cloud-hosted solutions and assign appropriate risk scores to discovered vulnerabilities

  • Investigate available tools and countermeasures to remedy detected vulnerabilities. An investigation may require cross-divisional or corporate collaboration

  • Manage vulnerability remediation and adhere to timelines based on corporate security policies

  • Evaluate and test the design and operating effectiveness of information security controls

  • Research and interpret current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements

  • Liaise with corporate and cross-divisional security leaders to maintain forward progress on enterprise-wide security-related initiatives

  • Work with divisional leadership in developing security strategies and guidance documentation that drives the vision

  • Collaborate with engineering in developing automated security testing to validate adherence to secure coding best practices

  • Work with architecture, engineering, technical and cloud services teams to incorporate cloud-security best practices

  • Communicate to business customers, technical teams, and leadership consistently, making complex topics, issues, and solutions clear, simple, and understandable

  • Play a key role in security incident response, including managing working groups, communication, and assigned action items, as well as coordinating and providing off-hour, on-call support, assembling divisional support teams to provide up to 24/7 remediation, as required by the severity of the incident

  • Take responsibility for and help maintain audit compliance deliverables.

  • Manage multiple enterprise-driven projects with hard deadlines.

  • Work independently and with other team members with little management oversight.

  • Navigate policies and procedures to ensure compliance with audit and regulatory requirements (for example: SOX, SSAE18, PCI DSS, ISO, CJIS, FedRAMP, etc.).

  • Other responsibilities as assigned.

Qualifications

  • Bachelor’s degree with a minimum of 5 years of prior relevant work experience in a SaaS, InfoSec, or Information Security project management capacity, including all aspects of project initiation, planning, development execution and delivery.

  • Detail-oriented, highly motivated individual with strong project management skills and cybersecurity familiarity who thrives in a fast-paced, team environment.

  • Strong understanding of information security standards, concepts, controls, testing techniques and technical risk assessment

  • Experience evaluating the security controls/capabilities of full-spectrum cybersecurity solutions and the ability to evaluate the cyber risk of technical solutions through the analysis of architectural documents.

  • Significant consideration will be given to candidates who maintain one or more industry information security assurance certifications (such as CISSP, CISA, CIPT and/or CCSK), and project management certification.

  • Experience supporting US government or equivalent municipalities.

  • Ability to elicit cooperation from a wide variety of sources, including upper management, clients, and other departments

  • Ability to work both independently and collaboratively in a team-oriented environment