I. Job Summary | Major goals and objectives.
The Director Application & Cloud Security position facilitates identification, evaluation, selection, and implementation of application security and cloud security processes, products, and services to meet strategic goals and business drivers. This position protects application and cloud security services and aligns with Meredith business units, application development teams, digital operations teams, IT infrastructure teams, and other technology providers.
The Director Application & Cloud Security position collaborates to:
- develop, institute, and maintain secure application development processes across the enterprise
- develop, institute, and maintain cloud security architecture standards
- identify and facilitate remediation of application and cloud security exposures and vulnerabilities
- perform risk assessments of internal and external applications, web sites, cloud services, and technology platforms and facilitate appropriate risk mitigation with various technology delivery teams
This position has strong application security skills and cloud infrastructure services delivery experience, has excellent communication skills and strong relationship building abilities, and effectively interacts with senior executives and business stakeholders.
II. Essential Job Functions
Accountabilities, Actions and Expected Measurable Results
Lead the Application and Cloud Security Team
Develop, lead, manage, and maintain the application & cloud security team to protect information assets of the Company. Build a cohesive team that works well together and develop individual technical skills and abilities to ensure the team’s ability to support future information security needs of the Company. Design information security architecture in conjunction with the Director Infrastructure Security, and the Director Security Governance as a member of the information security architecture team. Stay current with application development and cloud security technology. Participate in IT leadership discussions, strategic initiatives, budget planning, and technical direction.
Collaboratively develop, institute, and maintain secure application development processes across the enterprise with application development teams and digital operations teams. Develop and deploy technology, processes, procedures, and automation to identify and resolve security vulnerabilities to protect Company information assets and prevent data loss, prevent data compromise, and prevent service instability. Collaborate with development teams to incorporate secure code development practices into the development process such as dynamic testing, code reviews, static code testing, web application scanning, and application developer secure code training.
Collaboratively develop, institute, and maintain cloud security architecture standards with application development and digital operations teams. Develop unified cloud security architecture standards and guidelines for Meredith leveraging the cloud security standards. Perform cloud security architecture reviews. Conduct cloud security gap assessments across Meredith cloud deployments. Develop, integrate, and automate cloud security controls to protect Meredith cloud assets.
Vulnerability Scanning and Penetration Testing (Red Team)
Collaboratively identify and facilitate remediation of security exposures and vulnerabilities. Systematically perform web site vulnerability scanning and penetration testing across the major web site properties of the Company. Collaboratively detect and remediate data security issues within the Meredith application and web site environments. Perform OSINT (open source intelligence) style assessments to determine if Company employees’ details are available publicly. Collaboratively develop and test application and web site incident response plans.
Technology Risk Assessments
Perform security risk assessments of internal and external applications, web sites, cloud services, and technology platforms and facilitate appropriate risk mitigation with various technology delivery teams. Risk assessments include application assessments for in-house and third-party applications, and periodic re-assessments of existing deployed applications, including: web-based assessments including 3rd party portals, APIs, internally developed sites and tool sets; AWS account reviews ensuring permissions and architecture comply with defined standards; desktop application security assessments; infrastructure device security assessments; network integration security assessments; data transfer security assessments; etc.
Other Duties as Assigned
Perform other duties contributing to the goals and objectives of Meredith Corporation, Meredith IT, and Meredith Information Security.
III. Minimum Qualifications and Job Requirements | All must be met to be considered.
Bachelor’s degree in Information Assurance, Computer Science, Information Systems or similar discipline; Master’s degree beneficial.
Minimum of 7 years’ information technology experience consisting of a combination of secure application development, cloud infrastructure deployment, and information security.
Must have experience managing people, providing work direction, managing complex projects, and delivering results in an environment with competing priorities.
Must have experience developing secure software using state of the art technologies, and deploying secure cloud infrastructures. Must have experience identifying and remediating technology and application risks.
Current information security certifications such as CSSLP, CCSP, CISSP, CISM are beneficial.
Specific Knowledge, Skills and Abilities:
Ability to manage the work activities and deliverables of subordinates.
Ability to deliver results through facilitation and collaboration.
Ability to quickly assimilate and apply new job-related information.
Ability to listen to customers’ needs and provide appropriate security solutions.
Ability to work independently, reliably, and responsibly.
Ability to handle confidential information with integrity.
Relationship building skills.
Written and verbal communications skills.
Project management skills.
Vendor management skills.
Knowledge of OWASP secure coding practices.
Knowledge of common information security management frameworks such as NIST, ISO, COBIT, ITIL.
% Travel Required (Approximate): less than 10%