Manager, SecDevEx

Responsibilities

• Set high-level strategy and direction for secure software development and software supply chain practices, establishing clear expectations, goals, and success metrics. Collaborate with cybersecurity experts, technology teams, vendors, and business leaders to define and enforce controls that protect enterprise assets and enhance developer experience with security processes.
• Mentor and lead a global team of application security professionals to improve developer experience around security tools and workflows.
• Partner with Vanguard development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC), enabling automated vulnerability detection and real-time remediation guidance.
• Coordinate with development teams to promote secure coding practices and deliver clear documentation and guidance on secure development standards.
• Drive security awareness and training initiatives for developers to foster secure coding habits across Vanguard.
• Identify and implement improvements in security testing and vulnerability management processes to reduce developer friction and enhance efficiency.
• Define and standardize measurement criteria across Vanguard to demonstrate improvements in developer experience with security tooling and processes.
• Integrate security tools directly into IDEs and leverage GenAI capabilities to deliver real-time remediation recommendations to developers.
• Launch and manage a secure code training platform in collaboration with other security teams, including designing training curriculum tailored to technical audiences that aligns with compliance standards.
• Lead secure software supply chain initiatives, including SBOM generation, artifact signing, provenance tracking, and alignment with industry standards.
• Deploy and maintain application security tools, processes, and documentation aligned with OWASP Top 10, current threat intelligence, and industry best practices.
• Define, implement and maintain security policies and coding standards ensuring alignment with organizational risk posture and regulatory requirements.
• Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats and developer needs.
• Translate technical security strategies into business-aligned objectives for product and executive leadership.
• Establish a governance framework to benchmark program maturity and team performance.
• Proactively resolve and thoroughly document audit findings and associated risks, ensuring timely closure and alignment with compliance standards.