Head of Secure Development
London
Inside IR35
Mindset
* An inquisitive approach, always asking how to achieve goals in a smarter and more effective way
* An ability and interest to learn and experiment with new approaches to achieve business and cybersecurity outcomes, in different and often challenge contexts.
* Proven ability to forge innovative approaches to complex and complicated problems, including the use of research and/or experimentation, in-role or via academia.
Strong Risk and Controls understanding
* Knowledge and exposure of the application of Risk and Control Management and associated frameworks, preferably from a multi-market institution
* Fluent ability in articulating technical threats, scenarios, controls and risks to both technical and business stakeholders.
Strong Technical background
* Proven experience in senior/leadership roles in security development, application security and/or security architecture
* Proven experience in DevOps / DevSecOps including Agile and Waterfall Software Development lifecycles
* Proven experience working in a large scale, multi-national and technologically diverse environment
* Proven experience on integration of various security technologies (e.g. SAST, DAST, IAST, container security) and practises (e.g. Policy-as-Code) within DevOps pipelines (Jenkins, GitHub, Chef, Ansible, Nexus, etc)
* Expert understanding of Security concepts and principles.
* Excellent understanding of platform-specific security risks, common vulnerabilities for web and mobile applications, micro-services (REST, SOAP) architecture and their mitigations
* Good understanding of security flaws in common programming languages
* Knowledge and experience with network, host and application security practices
* Understanding of emerging technologies and its corresponding security threats would be a plus
* Proven experience with common public cloud environment (e.g. AWS, GCP, Azure, Alicloud)
* Strong technical understanding and experience of assessing vulnerabilities and identifying weaknesses in diverse enterprise IT assets
* Professional IT Security qualifications and/or certification
* Knowledge of Governance, Risk & Compliance
* Experience in continuous improvement and process optimisation.
Effective Leadership
* Possess strong leadership skills to bring out the best in a team. This includes both direct leadership and cross-functional capabilities
* Experience within fast-moving, complex and demanding corporate environments and able to provide appropriate direction to the team whilst dealing with ambiguity and change
* Act as a role-model for more junior members of Cybersecurity and Technology
