JREQ107937 Sr Director, Secure Development Lifecycle - F&R

Job Description

This role sits within our Financial & Risk ("F&R") business. On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company's F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business. Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity. Further information on this can be found at https://www.thomsonreuters.com/en/press-releases/2018/january/thomson-reuters-and-blackstone-announce-strategic-partnership-for-thomson-reuters-financial-and-risk-business.html

Financial & Risk is looking for highly skilled cyber security specialists to join our growing team in Nottingham. Our team will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of F&R, including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strengthen its position.

F&R's Information Security & Risk Management (ISRM) team is looking for a strategic, innovative change agent to drive security design principles and requirements into secure development. In this role, you will collaborate with technology peers and dedicated business unit software & product developers to implement security into disparate solutions. This role will be responsible for baking security policy, best practices and guidance across our software development processes.

The ideal candidate will possess the right demeanor, skillset and experience to understand and explain strategic security issues to audiences of mixed technical abilities. They will have a passion for, and a solid understanding of, software development, cloud technologies, open source, and developing the latest technologies in a dynamic agile environment, and will be able to deal with innovative ideas and solutions while remaining grounded in solid security practices.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit thomsonreuters.com/careers.

More information about Thomson Reuters can be found on thomsonreuters.com.

Essential Responsibilities:

  • Significant hands-on software engineering experience
  • Successful track record of delivering quality results in complex cross-functional projects
  • Experience with large-scale distributed systems and client-server architectures
  • Experience leading a complex distributed systems project
  • Experience with automation, monitoring
  • Experience with Cloud Computing platforms (e.g. Amazon AWS, Microsoft Azure, OpenStack, Google Compute or App Engine, Hadoop, etc.)
  • Solid understanding of the Software as a Service (SaaS) model
  • Java and object oriented development experience
  • Python, Ruby or other scripting language experience


  • Bachelor's degree in an IT discipline
  • Extensive hands-on experience in software engineering
    • Fully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:
      • Java, Groovy, jUnit, Spock, SQL, Elasticsearch
      • Angular2, ngrx, HTML5, JSON
      • AWS, UNIX/Shell, Jenkins, Gradle
      • IntelliJ, GIT, TFS
      • Aspose, JxBrowser
  • Proven experience within banking or a significantly financially-regulated organisation
  • Extensive application/product security experience in a large enterprise.
    • Demonstrated and hands-on experience in the following areas:
      • Source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering
  • Strong understanding of the software development lifecycle (SDLC).
  • Willing to travel internationally up to 20%.
  • Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR).
  • Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), fuzz testing (FUZZY) and vulnerability scans
  • Experience with various security tools and products (Fortify, Burp Suite, HP Webinspect, Checkmarx, Nessus, IBM AppScan, etc.)
  • Experience with common security scoring systems - CVSS v3 and CWSS, and secure coding standards/best practices
  • Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
  • Excellent verbal and written communication skills.
  • The successful candidate should be passionate about open source software and sharing information. For example, this may include presenting at conferences or working collaboratively within Thomson Reuters.
  • Industry-related certifications such as CISSP or Amazon Certified Solutions Architect
  • Must have unrestricted authorization to work in U.K.
  • Must submit to a background investigation, including verification of past employment, criminal history and educational background

Desired Characteristics:

  • Familiarity with security automation tools for cloud resources such as AWS, Azure, and Office365
  • Good business acumen with a successful track record in aligning to business drivers
  • Strong report-writing and document creation skills, including Microsoft PowerPoint
  • Critical thinking and analysis skills
  • Team player with ability to execute in a matrix structure, across time zones and national boundaries
  • Proven track record of problem solving and creative thinking
  • Exceptional communication skills
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.


At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Nottingham-United Kingdom
