Sr. Manager, Application Security (Perm -Hybrid at our Chicago HQ near O'Hare Airport)

The Sr. Manager, Application Security will develop sound security development practices and ensure that the application is secure not only from the inside but also from the edge infrastructure using various tools like WAF, BOT Defense and other technologies. Recommend programmatic controls, monitor and manage secure development practices to address modern-day issues. Understand penetration testing and also work with third-party vendors to perform detailed penetration testing on digital applications. As issues are uncovered work with the appropriate technical and leadership teams to ensure focus on risk mitigation, allowing for business requirements while reducing risk exposure. Lead efforts to establish and improve secure SDLC activities and identify tools to integrate into the Agile development process to aid in evaluating the security of the applications by leading the application security team and giving directions. Identify security flaws/vulnerabilities and establish processes to document, track, and work with development teams to ensure remediation. Lead efforts to create an appropriate application security testing plan based on features and changes scoped in for new updates (releases) for the applications.
Responsibilities

• Lead the Secure DevOps application security program by building, executing, and documenting a Secure Software Development Lifecycle.
• Ownership of SAST/DAST tools and accountability for their upkeep and maintenance.
• Application security leadership on best practices regarding security in software development, mobile applications, user interface design frameworks, high-performance messaging solutions and cloud-based solutions.
• Act as subject matter expert (SME) in securing web and mobile applications against common issues (including OWASP Top 10).
• Determines security requirements by understanding business strategies, knowing information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing cost estimates.
• Provide metric reporting to the Office of the CISO for inclusion in the risk scorecard analysis provided to the leaders.
• Collaborate with the corporate security governance team accountable for compliance with internal SLA and policies.
• Research security technologies and maintain knowledge of current and emerging technologies/products/trends related to security architectural solutions.
• Develop IT security programs and recommend necessary changes to the information security team to ensure the company's systems are fully compliant with applicable regulatory requirements and privacy laws.
• Act as a change agent and drive the department and business forward using effective management, analysis and strategic skills.
• Lead security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
• Deliver superior results through quality execution and best practice adaptation.
• Translate strategic and operating plans into the meaningful direction of projects, goals, priorities and activities.
• Plan, oversee and lead the work of the team to meet functional and individual operational objectives and goals. Coach, mentor, and develop staff, including overseeing new employee onboarding and providing career development planning and opportunities. Responsible for hire, fire, performance, discipline and problem-resolution decisions.

Education:

• Bachelors Degree - Business, Computer Science or Related - Minimum

Years of Experience:

• 7 Years - Application Security, Application Security Development or related - Minimum
• 3 Years - People Management

In Lieu of Education:

• 8 years - Application Security Development including People Management

License/Certifications/Training:

• Certification - GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM or other Incident response certifications - Preferred

Compensation & Benefits:
Typical hiring range:‏‏‎ ‎$148,800 - 215,800 Annually. Actual compensation will be determined using factors such as experience, skills & knowledge.
Additional Compensation: Annual performance bonus
‎Benefits: Alliant provides a benefits package including health care, vision, dental, and 401k with employer match.
Additional Benefits:

• Work from home up to 3 days a week
• Paid parental leave
• Employee discount programs
• Time off including paid personal and sick days
• 11 paid holidays
• Education reimbursement

*Note that eligibility and cost of benefits can vary depending on the number of regularly scheduled hours, and job status such as regular full-time, regular part-time, or temporary employment.
Adhere to and ensure compliance of all business transactions with policy and process of the Bank Secrecy Act. Ensures compliance with all applicable state and federal laws, company procedures and policies. Maintains integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; complies with Privacy Act directives.
The responsibilities listed do not contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position. Duties, responsibilities and activities may change at any time with or without notice.