Director, Information Security - DevSecOps
- Full-time
- Career Site Team: Technology and Engineering
Job Description
NielsenIQ is maturing its DevSecOps programs and is recruiting an experienced cybersecurity leader who will be responsible for securing a modern DevOps pipeline focused on deploying to Microsoft Azure; experience with DevOps in GCP and AWS is a plus. You will be supporting programs across all geographies and business units.
As the Director, you will be responsible for expanding the coverage and efficacy of the security tools throughout the lifecycle of the development pipeline. From the moment an idea is conceptualized by a product manager, through a developer submitting code for review, to when the code is deployed into the cloud, your job will be to evaluate the efficacy of the processes and controls within the software development lifecycle.
In this role, the ideal candidate will help define and build the DevSecOps strategy and roadmap, working closely with NielsenIQ’s application development teams and DevOps teams. This key role requires extensive experience in enterprise-level cybersecurity, technology and influence. Experience with the following processes:
- Security tools within the CI/CD pipeline
- Secure Software development lifecycle
- Static and dynamic application security tools
- Infrastructure as Code security tools
- API security tools
- Cloud security architecture
Experience leading change and implementing technology and critical controls across a global, diverse enterprise is required. The candidate will be a self-motivated, detail-oriented performer who has a strong desire to influence and the ability to create and execute an application security program. The position will involve working closely with application development teams, business units, technical and non-technical stakeholders to drive the adoption and maturity of the NIQ cloud and application security programs.
What you’ll do
- Create the vision, roadmap and execution plans for the DevSecOps program
- Work with the architecture team to identify baseline security controls and hardening requirements
- Work with the Security Operations Center to identify security monitoring requirements for cloud-based systems, applications and workloads
- Define processes and leverage technology and service providers to enhance the DevSecOps process
- Develop metrics to track SAST and DAST tool coverage, SLAs for scanning, and bug bounty programs
- Mentor security team members in security best practices for cloud security operations
- Partner with the threat intelligence teams to identify shadow IT and applications
- Establish strong relationships, trust and credibility with key internal stakeholders and partners in enterprise technology, architecture and application development
- Lead the creation and implementation of a security champions program that includes application development team members, DevOps and SREs; recruit and train security champions as part of a community of security-minded software developers
- Create application design and development standards and recommendations for enhanced security including standard patterns for authentication, logging, error handling, business logic
We’re looking for people who have
- Bachelor’s degree in a technical field including Computer Science, Information Systems, Math, Physics, Science or similar desired; experience in government, military or in other capacities with similar focus can be substituted
- Experience working with government or military, including nation-state and sophisticated cybercrime experience, knowledge of sophisticated hacking techniques, malicious actors, IOCs and TTPs, and the ability to translate intelligence into action, is highly desirable
- Demonstrated engagement in security conferences, training, learning, associations is highly desired and fully supported
- Self-starter, technology and security hobbyist, enthusiast
- Lifelong learner with endless curiosity
- Extreme ownership and desire to create change and move the needle along with the ability to execute with discipline
- Experience working with and securing modern enterprise technologies including containers, virtualization, cloud, secrets management, orchestration, authentication, SSO, MFA, federation in multi-cloud environments, passwordless, zero trust
- Experience with modern software development and delivery processes at enterprise scale, including SSDLC, DevOps, DevSecOps, and CI/CD pipeline and tools
Additional Information
All your information will be kept confidential according to EEO guidelines.
About NielsenIQ
NielsenIQ is a global measurement and data analytics company that provides the most complete and trusted view available of consumers and markets worldwide. We provide consumer packaged goods manufacturers/fast-moving consumer goods and retailers with accurate, actionable information and insights and a complete picture of the complex and changing marketplace that companies need to innovate and grow. Our approach marries proprietary NielsenIQ data with other data sources to help clients around the world understand what’s happening now, what’s happening next, and how to best act on this knowledge. We like to be in the middle of the action. That’s why you can find us at work in over 90 countries, covering more than 90% of the world’s population. For more information, visit www.niq.com.
NielsenIQ is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action-Employer, making decisions without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability status, age, marital status, protected veteran status or any other protected class.