Description
The Senior Security Advisor plays a critical role in facilitating the continued growth and stability of our security practice. This position will fill an internally facing role of mentor and guide to other security practice members and deliver an exemplary client experience externally. The Senior Security Advisor will also collaborate with business development to help gather requirements to define and execute our application security offerings. To be successful in all areas of this role, the Senior Security Advisor will need to possess the ability to communicate effectively with both technical and senior non-technical business teams. Focusing on the development of the appropriate message for each audience is key.
PRIMARY RESPONSIBILITIES
- Develop, implement, and advise organizations on the creation of robust security architectures for application development projects, ensuring alignment with industry best practices and organizational security policies. This includes understanding the unique security requirements of different applications and cloud platforms and developing solutions to address them.
- Experience building trusting relationships with senior business stakeholders by providing strong advisory services related to their cybersecurity programs, risks, and stature.
- Drive the direction associated with planning, executing, and overseeing security testing activities, including but not limited to static code analysis (SAST), dynamic application security testing (DAST), and penetration testing, to ensure application integrity and resilience.
- Stay abreast of emerging technologies and trends in application development and cloud security and evaluate their potential impact on the organization's security posture to ensure top-level support of clients and their environments.
- Establish security governance processes to ensure that security requirements are integrated into all phases of the application development lifecycle and cloud deployment process. This includes defining security policies, standards, and procedures and monitoring compliance with these requirements.
- Partner with business development to assess the scope of work and provide guidance into solution development and strategic service growth opportunities.
- Educate and advise on necessary compliance with relevant regulatory requirements, industry standards, and internal security policies throughout the application development lifecycle.
- Provide guidance and oversight to development teams on security governance processes, including access control, authentication, encryption, and data protection measures.
- Conduct threat modeling exercises to identify potential security threats and vulnerabilities in applications and cloud infrastructure within our client environments by analyzing the security implications of application design decisions and cloud configuration settings.
- Develop and implement mitigation strategies to address identified risks effectively.
- Guide assessment projects to ensure that applications and cloud environments comply with relevant security standards, regulations, and best practices.
- Conduct compliance assessments, implement security controls, and guide development teams on compliance requirements.
- Promote security awareness and best practices among development teams and other stakeholders.
- Maintain comprehensive documentation of security processes, procedures, and findings.
- Prepare regular reports and presentations for senior management to communicate the status of application security initiatives and metrics.
- Mentor security team members and clients and promote a culture of security excellence within the organization.
Requirements
TECHNICAL SKILL REQUIREMENTS
- Demonstrated experience translating technical issues into business risk for senior non-technical audiences.
- Core technical background in three of the five primary security focus areas for SysLogic: Security Operations, Engineering (software), Threat Intelligence and Verification, Risk Assessment, and Governance. Competencies in engineering, threat intelligence, and verification are highly desired.
- Understanding regulatory compliance and its relation to application security and privacy.
- Strong working knowledge of enterprise software architecture, application security, and security governance.
- Understanding of cybersecurity industry standards and frameworks, such as OWASP ASVS, NIST SP800-53, NIST CSF, and BSIMM, and their utilization within client environments.
- Experience in cybersecurity policy/standards definition and related governance.
- Understanding Identity and Access Management principles, including B2B and B2C contexts.
- Solid exposure to the secure development life cycle.
- Security-based certifications such as CISSP, CSSLP, CEH, CASP+, CISM, or other applicable certification.
PROFESSIONAL SKILL REQUIREMENTS
- Organize, develop, and present high-quality briefings, written summaries, and reports appropriate for technical and senior executive audiences.
- Present openness to new ideas, approaches, and technologies to address core business needs and align to risk tolerance.
- Exhibit strong organizational, time management, and presentation skills in virtual and face-to-face environments.
- Build strong client, partner, and peer relationships to effectively influence audiences at all levels within client and SysLogic environments.
- Present a substantial background in the development of technical strategies and approaches that are in alignment with business direction and strategy.
- Consistently exhibit above-average oral and written communication skills and the ability to present to groups of varying sizes and audiences in ad-hoc and prepared situations.
- Collaborate effectively with high-level business and technical teams to prioritize the highest risk or priority items.
- Demonstrated history of developing strong partnerships with business development, marketing, and delivery strategy to assist with solutioning, messaging, and execution.
Position requires travel 4-6 times per year with no more than around 20 days away from home per year.
Candidates residing in WI, IL, MI, OH, IN, AR, SC, PA, and FL will be given priority over other locations. We currently are not seeking employees located in CA, WA, NY, NJ or MA.
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Family Leave (Maternity, Paternity)
- Long Term Disability
- Training & Development
- Work From Home