Director of Application Security Assurance
Vanguard operates in a complex, highly regulated environment and, as stewards of trillions of dollars, we must preserve the integrity of our systems and software. We depend on our Security experts to provide assurance that security related issues are addressed within the IT environment. We are currently seeking a Director of Security Assurance to identify and eradicate software vulnerabilities.
In this role, you'll be empowered to sit at the table with CIOs and modernize our approach to DevSecOps in an inclusive environment that welcomes diversity of thinking and input from all voices. IT leaders will seek your expertise to drive error-free coding and ensure Vanguard's systems and computing infrastructure are securely designed, architected, implemented, and managed. This role is perfect for professionals who seek opportunities to act as proactive consultants, offer inventive solutions, lead high-performing teams, and help address a wide range of multifaceted and compelling issues.
How you'll spend your days
As Director of Application Security Assurance, you'll spend your days leading the identification, assessment, mitigation, monitoring, governance, and reporting of software vulnerability throughout IT. As the leading assurance advocate, you'll develop and present security assessment reports to leaders - highlighting findings, trends, and level of exposure. This may also include presentations to the Information Security Steering Committee & Divisional staff meetings.
As the application security champion, you'll work with all IT sub-divisions to recommend and develop new security solutions, and/or modify existing workflows and SDLC processes. Applying deep technical expertise, you'll evaluate software's ability to meet defined control objectives, determine remediation requirements, and identify impacts to IT and business unit operations. Since we employ a wide array of systems, you'll also prioritize software analysis.
You'll cultivate effective working relationships with key partners, such as other Security teams, Legal, Fraud, Compliance, Contingency, and Audit as well as lead cross functional teams.
To further address critical security risks to the business, you'll act as a key stakeholder across various Security Governance teams.
As the owner of vendor relationships, you'll partner with prominent security consulting firms, in addition to directing and managing a significant security consulting budget. Although vendor work is a key component of our Security Assurance framework, Vanguard is increasing internal expertise, so you'll also manage the training and upskilling of our Security crew. This will include making appropriate updates to policies/procedures related to Software Assurance and guiding developers in preventing future or reoccurring errors.
As a people leader, you'll develop your team by providing guidance, personalized coaching, and constructive feedback. Fostering a warm, collaborative, and challenging work environment will enable a culture of engagement and trust. Striking a balance between operational and control needs will further drive effective partnerships.
- Minimum of eight to ten years' broad senior technical, operations, or applications experience. Financial services industry experience, preferred.
- 3+ years of experience with Application Security, Application Penetration Testing and DevSecOps.
- Previous experience as a People Manager required.
- Strong understanding of the variety of application development architectures, platforms, methodologies, and supporting operations.
- Familiarity or experience with integrating application security assuming technologies into CI/CD pipeline.
- Familiarity with tools such as Veracode, Sona Type, and Fortify, SCA.
- An undergraduate degree in IT or related discipline, or an equivalent combination of education and experience.
- Industry certifications (CISSP,GSEC, GPEN, GWAPT, GWEB, etc.) preferable.
- Comprehensive understanding of the major underlying technologies used by developers to deliver technology solutions.
- Previous hands on experience as a technical lead and architect, focus on security preferred.
- Excellent leadership, interpersonal, verbal and written communication, presentation, and problem solving skills.
- Excellent knowledge of risk analysis, application and system software (including security software and hardware), related capabilities, and performance characteristics.
- Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
- Excellent understanding of technical security safeguards.
- Strong IT experience related to software development and/or technical operations.
- Solid business acumen, flexibility, and judgment to evaluate issues/problems of high complexity and make sound decisions.
- Strong influencing skills to include negotiation, problem solving, and conflict resolution.
- Strong project management and people management skills.
- Solid analytical skills and understanding of processes, technology and operational concepts.
- Ability to interact effectively at all levels of personnel.
Vanguard is not offering visa sponsorship for this position.
Back to top