Security Leader - Corporate Product and Engineering - Boston, MA
Job no: 509181
Brand: Flight Centre Travel Group
Work type: Full time
Location: Massachusetts, New Jersey
Categories: Information & Technology
Security Leader - Corporate Product and Engineering
Department: Enterprise Risk
The FCTG Security Leader - Corporate Product and Engineering is a technical, business-driven leader who will be responsible for driving a comprehensive, industry-leading Product Cyber Security function focused on protecting our FCTG Corporate Travel businesses. This leader will bring hands-on experience as well as thought leadership related to the role to the Corporate business, including the product management and engineering community at the intersection of the Secure Software Development Lifecycle (SSDLC), advanced cyberthreats, customer requirements, and business-driven values. The Security Leader - Corporate Product and Engineering will have a strong understanding of security and privacy principles, standards and frameworks; Agile, DevOps, Continuous Delivery and DevSecOps tooling and processes; experience leading and engaging with talented engineering communities; and a sound understanding of the regulatory environment affecting Global businesses. The Security Leader - Corporate Product and Engineering requires a keen understanding of the business drivers affecting security within the company, security scanning processes and technologies, and cloud security architecture patterns, and experience with software engineering and release processes, particularly with technologies used in agile and cloud-first environments. This individual will be able to apply practicality and assertiveness in both communicating and executing the embedding of security within the Corporate Product and Engineering operations. The Security Leader - Corporate Product and Engineering will be comfortable communicating with the full range of stakeholders, including customers, senior and operational business leaders, product managers, engineers and DevSecOps team members.
- Product and Engineering leaders
- Business leaders (predominantly Corporate)
- In house legal teams
- Group and regional Chief Privacy Officers
- Group IT shared Services Leader
- Regional IT and Security leaders
- Role Type: Permanent full time
- Residency required in country of employment
Security in Engineering:
- Work with CISO and Corporate CXO, CPO, CTOs and Engineers to create and implement a framework to ensure that security and compliance are embedded into product and engineering within our Corporate businesses.
- Ensure that the framework meets regulatory and contractual requirements as well as ensuring that controls are appropriate based on the business threat landscape and risk appetite.
- Evaluate tools, systems and processes within the pipeline and SDLC to ensure that control objectives continue to be met and drive incremental improvement around reducing blockers and increasing security quality within products.
- Develop and drive approaches to identify and prevent security vulnerabilities earlier in the development process in an automated scalable manner and work with engineering to deploy and utilize these approaches
- Work with CISO, Risk and Business Leadership to identify risk exposure and assist in managing the security risk to the organization within the risk appetite
- Review and evaluate new security technologies and practices for introduction into the organization to reduce risk
- Implement a systematic and structured process for the identification and management of security risks within the scope of the individual's role.
- Develop and maintain a program that informs the FCTG board, business leaders, domain and group leadership of the top security risks and overall security health of products
- Lead the implementation and management of an internal and external audit and security testing program to validate compliance with security policy and industry best practice, including certification of products against security compliance standards such as ISO 27001, SOC 2 Type II, etc.
Security Awareness and Business Engagement:
- Coach and mentor DevOps and engineers in Secure Software Development Lifecycle techniques and tools; use trending and reporting to tailor security awareness focus areas with engineering and DevOps teams.
- Assist the CISO with the maintenance of the FCTG security standards which will be used to assess maturity and compliance in markets.
- Assist the CISO in working with Sales and Account Management teams to meet with customers to provide Information Security expertise.
- Work with product and engineering teams to ensure projects and applications are designed and implemented in line with security policy and best practice
- Work with business stakeholders to provide security guidance and input
- Creation of customer facing security documentation
- Maintain information security responses in internal RFP system and assist business in responding to security questionnaires
Security and Product Risk Management:
- Assist the CISO, Business and Internal legal teams in the review, markup and negotiation of the Information Security requirements in customer contracts.
- Prepare written reports and in-person briefings around areas of non-compliance and contribute to providing options to manage risks associated with non-compliance.
- Prepare reports on new trends in customer Information Security requirements.
- Feed customer requirements into ongoing assurance activities to ensure ongoing compliance risks are known, owned and managed.
Key Role Requirements
- Highly developed leadership and influencing skills
- Self-awareness and exceptional ‘EQ’ and soft skills
- Demonstrated highly developed oral and written communication skills, with the ability to communicate comfortably with large groups and executives, and to articulate technology visions, risks and solutions to non-technical stakeholders
- Ability to collaborate, maintain working relationships with, and gain the trust of stakeholders throughout the organization
- Self-motivated and energetic
- Excellent attention to detail
- The ability to take the initiative, make informed and measured decisions and deliver outcomes from those decisions
- The ability to analyze and simplify complex problems, evaluate them systematically, identify causal relationships and construct frameworks for problem solving
- The ability to think ahead and establish an appropriate course of action taking into account the constraints imposed
- 5+ years of experience in information security and development or product management roles
- Managerial experience in an information security leadership role
- In-depth knowledge of Security frameworks such as ISO27001/2, PCI DSS, SCA, SOC 2, etc.
- In-depth knowledge of Secure development standards such as OWASP, NIST Top 20
- Experience and ability in creating meaningful security reporting
What Flight Centre Travel Group can offer you:
- Strengths based culture
- Relaxed dress attire
- In-house travel planner to book discounted hotel & air
- National/International Award Nights
- Diversity & Inclusion initiatives
- Benefits including vision, medical, and dental after one full month of employment
- 401K program
- Generous paid-time off policy
- Free and confidential access to our in-house financial advisor (401K, Stock Plan)
- Life Insurance, Short/Long-Term Disability, Employee Assistance Program, Health Advocate and MD Live
- Proud Corporate Social Responsibility platform through the Flight Centre Foundation and Brighter Futures program supporting nominated charities through Workplace Giving, Volunteering and Fundraising.
- Employee giving program
- Annual Charity Trip
- Office Environmental Program
- 1 Volunteer Day per Calendar Year
Location: Boston, MA
FCTG USA is an affirmative action-equal opportunity employer searching for talented people who have a desire to build a rewarding, fun, and exciting career with a company that loves to celebrate your success! Please contact firstname.lastname@example.org if you need any assistance.