SSUSA Job #253: APPLICATION SECURITY MANAGER
Application Security Engineer (up to VP Level)
TITLE: Application Security Manager
In collaboration with members of the Systems Administration, Database Administration, Architecture and Engineering, IT Development and Application Support teams, implement practical solutions to secure the banks information assets with a particular focus on the core banking applications. This will involve implementation of preventative, detective and corrective controls based on Bank policy/standards to ensure industry good practice and regulatory requirements for existing IT solutions and future developments.
1. Application Security - To ensure that application architecture, configuration, access controls, auditing and monitoring meet the Banks security requirements and comply with all applicable regulations
2. Database Management System Security - To ensure that Database Management Systems architecture, configuration, access controls, auditing and monitoring meet the Banks security requirements and comply with all applicable regulations
3. Security Liaison for Application Projects - Support project teams in defining security requirements at appropriate times within the development life cycle and to assist in the identification, testing and implementation of 'best practice' security solutions
4. Web Application Security - compliance, auditing, testing, web application pen tests, application configuration reviews etc.
5. Security Assessments - conduct security assessments for web and other applications; communicating recommendations as it pertains to security threats, countermeasures, security tools, and network technologies
6. Secure coding - standards definition and monitoring of compliance with secure coding practices
EXPERIENCE: Best practice security practices
- ISO 27001/2 Information technology Security techniques - Code of practice for information security management.
- Knowledge of European and North American legal and regulatory requirements.
Industry standard IT knowledge
- Experience of securing operating systems (AIX, HP-UX, Solaris, Linux (RedHat), Tru64, VMS, and eDirectory, Microsoft Windows 2007-10 Server and Active Directory).
- Experience of securing database management systems (Oracle, SQL Server, Sybase and MUMPS).
- Experience of securing application technologies (Generic application controls).
- Experience of integration and application infrastructure software (eg Websphere Application Server, Websphere MQ Workflow).
Bank specific knowledge
- Understanding of the business processes and associated risks enabled by the IT solutions (eg cash management, foreign exchange, money market, loans, trade finance, settlement, risk management, financial accounting and management reporting).
SKILLS: Personal and Management skills
- Good interpersonal skills and the ability to present effectively to different types of audiences.
- Ability to manage time and tasks effectively.
- Ability to articulate thoughts and recommendation both in written and verbal format to both IT staff and business staff
- Ability to interact effectively within matrix management structures
Implementation of a security technologies or processes requires the agreement and support of many teams within IT and the business. This role includes the coordination and co-development of solutions; providing recommendations and potential solutions to the Global Information Security Officer to make the final decision; working with the relevant teams to ensure successful implementation of the solution
This position will be located in the midtown New York Office.
send your resume in confidence to firstname.lastname@example.org
New York City