Sr Mgr Software Engineering

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators and improve student outcomes. As a leading provider of K–12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students’ potential and extend teachers’ capabilities.

HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals. For more information, visit www.hmhco.com

The Senior Manager of Information Security (External Role Description – Application / Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members.

Responsibilities:

• Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas.
• Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for HMH products and applications.
• Drive the development and implementation of product and application standard security review processes that result in effective methods for reducing security risks before product releases.
• Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner.
• Accountable for all aspects of staff management, hiring, coaching, training, performance reviews and recommending pay actions and promotions for the Security Engineering team
• Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite of HMH.
• Collaborate closely with the Architecture teams
• Demonstrated experience handling the demand/supply of project and program resources and tracking allocation.
• Track policy exceptions and remediation dates through active engagement with development teams and operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams.
• Staying abreast of latest cyber security threats both internal and external
• Oversee projects, program delivery, daily monitoring, response; review of cloud infrastructure, physical infrastructure, and the full life cycle of alerts through incident response; and the threat landscape to ensure ongoing and continued maturity of the organization's security controls in addition to service support
• Drive operational efficiency and excellence leveraging tools, process and automation with appropriate and transparency visibility and metrics that can meet SLAs/SLOs
• Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX)
• Balance being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise

What you should have:

• 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP and WAF.
• 5+ years of application engineering, architecture or development management experience
• Proficient analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments
• Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority.
• Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization
• You are highly organized. With many people doing many things in a fast-moving company, strong organizational skills—both for yourself and for the team—will be required

HMH Technology Private Limited is an Equal Opportunity Employer and considers applicants for all positions without regard to race, colour, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation. For more information, visit https://careers.hmhco.com/. Follow us on Twitter, Facebook, LinkedIn, and YouTube.