IT Security Manager providing operational leadership for ICBC’s IT security program. Enhancing cyber security practices and managing security initiatives in a dynamic, hybrid cloud environment.
About the role
- Director leading Security & Compliance Engineering for Pearson Software Group to embed security into SDLC and manage risk effectively.
Responsibilities
- Architect and institutionalize secure SDLC practices (threat modeling, secure coding, dependency hygiene, automated testing, release gating).
- Own DevSecOps integration across CI/CD (SAST/DAST/IAST, secrets scanning, SBOM, container/image hardening, IaC policy checks).
- Drive “shift-left” security through reusable CI/CD templates, policy-as-code, and golden paths.
- Partner with platform/SRE to enforce WAF, API AuthN/AuthZ, mTLS, and runtime protections via guardrails—not gates.
- Publish “paved road” toolchains, reference architectures, and code libraries with secure defaults.
- Stand up sandboxed environments (e.g., GitPod) and secure-by-default scaffolds to accelerate teams.
- Deliver targeted training for engineers (OWASP, secrets, auth, threat modeling) tied to real code and pipelines.
- Lead SOC 2 Type 2, HECVAT, and institutional reviews using automated evidence from pipelines and platforms.
- Define OKRs and SLAs for vulnerability remediation, secrets rotation, agent coverage, and audit readiness; publish executive dashboards.
- Align compliance asks with product/engineering roadmaps; triage by business risk and customer impact.
- Own vulnerability management (Qualys/Snyk/OSS posture), secrets lifecycle and key rotation, and perimeter/API security.
- Continuously monitor control health; ensure clear ownership, escalation paths, and exception processes.
- Improve MTTD/MTTR by integrating detections with engineering telemetry and runbooks.
- Optimize run costs for security tooling and tests; ensure renewals/SOWs are timely and value-based.
- Report posture, compliance status, and maturity trends; drive continuous improvement and transparency.
- Champion a blameless, learning culture that balances speed and safety.
Requirements
- 10+ years in software engineering or DevSecOps; 5+ years leading secure SDLC at scale (cloudfirst; AWS preferred).
- Expertise in CI/CD automation, SAST/DAST/IAST, SBOM/OSS governance, secrets management,and API/perimeter security.
- Hands-on experience integrating controls into developer workflows (policy-as-code, pipelines, pre-commit/pre-merge checks).
- Proven delivery of SOC 2 Type 2/HECVAT using automated, system-of-record evidence.
- Executive communication; OKR setting; budget ownership; ability to influence product/engineering/security.
Benefits
- Eligible to participate in an annual incentive program
Job title
Job type
Experience level
Salary
Degree requirement
No Education Requirement
Tech skills
Location requirements
Security Officer ensuring safety and security of Yankee Candle assets and personnel. Responsiblities include monitoring, patrols, incident response, and safety training at the corporate campus.
Senior Specialist in Information Security Governance, Risk & Compliance at Cellulant, driving information security, privacy, and compliance standards within BFSI context.
Cloud Security & Application Security Engineer at Cellulant enhancing security across cloud - native platforms and applications. Working in a hybrid role to support a leading payment service provider in Africa.
IT Audit Consultant joining Baker Tilly to manage technology risks for clients, offering strategic advice and audit support. Engaging with client executives to ensure compliance and operational efficacy.
Senior Health and Safety Advisor overseeing health and safety on construction projects for Aecon. Ensuring compliance with SST legislation and promoting zero accident culture.
Senior Information Security Specialist executing Daikin Europe’s Information Security strategy. Collaborating with leadership to ensure our systems and services remain secure and compliant with regulations.
Experienced Information Security Officer at Daikin responsible for defining Information Security strategy and ensuring compliance with regulatory frameworks. Collaborating with external specialists and mentoring junior team members in EMEA.
Security Specialist ensuring the protection of company and government assets. Conducting daily security functions and providing technical support while maintaining compliance with regulations.
Industrial Security Specialist conducting daily security functions and providing technical support within Booz Allen. Focused on protecting company and government assets while handling classified materials.