A financial firm is looking for a Director of Cyber Security to join their team in New York, NY.
Compensation: $190-240k
Responsibilities:
Application Threat Modeling:
- Perform threat modeling on applications to determine associated risks and appropriate controls.
- Understand implementation nuances and associated risk-related findings.
Application Design:
- Understand application threat models and control standards to ensure secure application design.
- Validate secure design and adoption of required security controls.
Develop and Implement Secure SDLC Processes:
- Define and implement security tools like SAST, SCA, and Secret Scanning.
- Operationalize the adoption and usage of such tools.
Application Security Awareness:
- Ensure developers and others understand secure coding and application delivery practices and expectations.
- Build out a security champion culture amongst the development teams.
Application Security Testing:
- Support application penetration testing through program development and testing execution.
- Engage in secure code reviews and overall application security assessments.
Governance and Compliance:
- Establish and enforce governance frameworks to ensure compliance with industry regulations and standards.
- Monitor and report on compliance with security policies and procedures.
Qualifications:
- 8 years of hands-on professional experience in an Application Security focused role with a background in software development (IDE/CLI).
- Bachelor's Degree in Computer Science, Information Technology/Security or a related field.
- Experience in working with software development teams, providing security oversight in complex application ecosystems.
- Proven expertise in IDEs, version control systems, CI/CD pipeline management, SDLC maturity, SaaS security tools (SCA, SAST & DAST) and application inventory management.
- Experience with Snyk and GitHub is a plus.
- Strong background in application architecture, security controls, cloud and penetration testing.
- Excellent collaboration, critical thinking skills and the ability to work in a dynamic environment.
- Familiarity with industry security standards and frameworks such as OWASP, NIST, ISO 27001 or MITRE ATT&CK and testing tools like Burp Suite.
- Familiarity with the regulatory environment of the financial services industry or a similarly regulated industry and its impact on application security is a plus.
- Commitment to staying informed on security trends and threats, using this knowledge to enhance security measures.
- U.S. citizen, operating in the Eastern Time Zone and able to report to the NYC metro area office(s).
- Professional certifications such as CISSP, CSSLP, CASE, GWEB, MCSA/MCSE are a plus.