Security Product Manager

Experian is an Equal Opportunity Employer Including Disability/Veterans

Job Number: 1810151

Allen, Texas

Description

The Experian Global Application Security team is responsible for protecting personally identifiable information assets against cyber threats for customers in more than 80 countries and across Experian's business units, which include 17,000+ employees across more than 40 countries. Experian Global Application Security involves supporting its customers with the optimal combination of people, processes and technologies to provide situational awareness through the detection, containment, and remediation of technology threats across the enterprise.

Help us make application security easy. Automation is essential to our ability to meet the demands of our growing development teams. This role will be the Product Security Liaison: contribute to the secure software development team, build out a scalable threat modeling framework and operate the process, manage and design automation to integrate Application Security into CI/CD, and act as the product owner of the application security automation platform. This is a growing team, with senior leadership's support and visibility. This role is involved in projects or issues of high complexity that require an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery. This position will report to the Director of Development Security Operations.

Primary Responsibilities

  • Contribute to a team responsible for conducting static code analysis, threat modeling and the developer training program
  • Develop and execute secure software development strategy for the enterprise, including policies, standards and governance
  • Manage and design automation to integrate Application Security into various CI/CD across the enterprise
  • Develop a communications program for application threats and external and internal security events.
  • Improve and expand application security risk posture and processes across the enterprise
  • Create and support metrics that report application risk posture and progress over time.
  • Develop and maintain relationships across EGSO, the security industry, peer organizations and other entities as necessary to benchmark Experian’s Application Security program and keep current in best practices.
  • Manage continuous release planning and execution, and integrate with security design and engineering work across multiple groups and technical constituencies.
  • Develop and mentor peers to achieve career goals
  • Lead cross-functional teams to define objectives, strategies and domain performance metrics
  • Evaluate and utilize outside consultants to support security capabilities

Knowledge, Experience & Qualifications

EDUCATION/EXPERIENCE

  • Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
  • 10 years of escalating managerial work experience in a highly diversified organization. 10+ years of increasing responsibility and work complexity to include progressive management roles in large, complex organizations.
  • At least 5 years of experience with Application Security, including familiarity with the leading tool sets supporting Application Security (dynamic and static)
  • At least 2 years of experience with product design, delivery, and ownership and threat modeling
  • Deep experience in enabling organizations with DevSecOps
  • Deep experience with establishing and executing application security strategy
  • Strong experience in static code analysis and third-party software composition analysis
  • Strong experience in establishing and rolling out Threat Modeling enterprise-wide that can be consumed by developers and engineers
  • Strong experience building security communities across the enterprise through evangelism and training programs
  • Ability to prioritize and set the destiny of a security product suite and the application security program
  • Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
  • Strong self-starter with team-oriented interpersonal skills, with the ability to interface with and effectively influence senior management, IT leaders, and technology vendors.
  • Strong problem solving and program execution skills. Ability to prioritize and drive difficult decisions among heads of development teams and CTOs.
  • Ability to solve very complex security issues that span legal, compliance and regulatory obligations across various lines of business and shared service areas of the company.
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.