Product Security Manager
- 101 N Upper Wacker Dr, Chicago, IL 60606, USA
Positioned at Publicis Groupe's core, Conversant is a marketing tech platform that helps brands transform ordinary customer experiences into meaningful, human experiences. The Conversant platform powers a connected suite of products and services called Epsilon PeopleCloud, combining leading-edge identity management, industrial-strength data and technology expertise with big brand acumen gained over five decades of working with the industry’s top brands. Our human-powered, data-led marketing delivers unmatched depth, breadth and scale to help brands create exceptional business outcomes. For more information, visit www.epsilon.com. Follow us on Twitter at @EpsilonMktg.
The Manager of Product Security is responsible for working with platform owners and client teams to understand their software platforms and help advise and guide proper secure development, hardening of systems, vulnerability and code canning management and assistance with SecOps and GSO (Global Security Office) groups. This member should have experience in software development, database development or network operations with a desire to expand their career in security.
Essential Duties and responsibilities:
- Learn assigned system platform. Collect and keep current all needed essential data of a platform including Data flows, Network Diagrams, Infrastructure, Software platforms, SDLC Processes and other related items.
- Collect and understand all needed platform requirements related to Compliance. This will include but not limited to PCI, SOC, NIST ISO 27001, PII, HIPAA (ePHI).
- Review and obtain a general knowledge of Privacy laws, how they affect our systems and how we maintain compliance
- Assist development teams on how to apply secure coding practices, properly scan and remediate their code using tools such as Veracode.
- Assist product team with compliance and audit information, assist during audits, assist in maintaining compliance related material
- Assist product team with risk management. With an understanding of the platform, help the product team work through questions and understanding of risks and related Risk Acceptance Document requests.
- Assist in managing resolution of RADs during the request lifetime.
- Assist product and client teams with communicating and understanding security concerns that arise during reviews and scans. This may involve communicating with clients directly.
- Build “trust” relationships with Product and client team members, NetEng, SecOps, VMOps, GSO and other groups as needed to accomplish goals
- Understand and implement DevSecOps in product development stream
- Assist with security incidents
- 5 to 7 years experience in either software development, database or network engineering
- Some understanding and desire to learn security operations
- A desire to expand and enhance communication and negotiation skills
- Ability to manage multiple tasks and follow through to complete each
- The desire to learn to build “trust relationships”
Great People, Deserve Great Benefits
We know that we have some of the brightest and most talented associates in the world, and we believe in rewarding them accordingly. If you work here, expect competitive pay, comprehensive health coverage, and endless opportunities to advance your career.
Epsilon is an Equal Opportunity Employer. Epsilon’s policy is not to discriminate against any applicant or employee based on actual or perceived race, age, sex or gender (including pregnancy), marital status, national origin, ancestry, citizenship status, mental or physical disability, religion, creed, color, sexual orientation, gender identity or expression (including transgender status), veteran status, genetic information, or any other characteristic protected by applicable federal, state or local law. Epsilon also prohibits harassment of applicants and employees based on any of these protected categories.
Epsilon will provide accommodations to applicants needing accommodations to complete the application process.