Application Security Manager

Lisboa, Portugal, PT

Foundever

We blend human expertise with AI-driven capabilities to provide brands with comprehensive CX outsourcing services & solutions.


The Application Security Manager will be responsible for the architecture and engineering aspects of embedding security into the day-to-day activities of the software engineering teams to ensure the systems developed are in compliance with applicable security policies, regulations and industry standards.

The position will be tasked with identifying and reporting on vulnerabilities in applications developed internally and their supporting infrastructure, and researching threats and attack vectors that impact web, enterprise and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of the products and systems, the position will also assist the Product Engineering and IT teams in the remediation efforts and the creation of the appropriate processes to reduce the number of vulnerabilities early in the development phases. This position will also serve as the point of contact (POC) for any security engineering related item for the region where it is located.

This role will be located in Portugal or in the LATAM region.

Responsibilities

  • Demonstrated skills in the area of Cyber Security and associated compliance regulations and industry standards, which include, but are not limited to:  SSAE18, PCI-DSS, ITIL, ISO 27001, COBIT, NIST 800-53
  • Conduct reviews of existing application code and implementations, and recommend industry best practices in the area, as well as having the capability to analyze multiple instances of vulnerability patterns that can be traced to a single root cause to eliminate existing risks through the development of policies and processes 
  • Support application security initiatives to ensure the software applications do not pose information risk to the company, developing and updating security patterns aligned with security requirements 
  • Support AI initiatives, ensuring the security implementation of the technology 
  • Partner with teams and deliver security risk assessments, manual/automated/external penetration testing, automate security testing, threat modeling, and education on secure coding
  • Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation
  • Create functional and non-functional security requirements, including delivering secure cloud services that strike a balance of product usability 
  • Project management skills that organize, drive, and execute initiatives
  • Demonstrated collaboration with all global technology functions to ensure that the ongoing education, awareness, and execution aligns with the Security Engineering Roadmap 
  • Demonstrated ability to drive security conversations based upon factual data
  • Demonstrated experience working in a complex global environment and being a security change agent in order to drive improved security controls and operations
  • Disaster Recovery strategy – partner with technology to design, implement, and operate regional disaster recovery models and plans for applications 
  • Work closely with the Global Director of Security Engineering on the development of functional goals and objectives  
  • Be seen as a functional leader and resource within the company and security technical lead for the region 
  • Support other areas in global security, including investigations, risk assessments, and new projects as required 
  • Support the approval process for requirements from internal and external clients   

Skills and Qualifications

  • Bachelor's degree in computer science, engineering, business or a related field, and/or equivalent field experience
  • Fluent in written and verbal English; bilingual a plus
  • 5+ years of increasingly diverse or complex experience in the field of Cyber Security within a global environment
  • 3+ years of professional development or application security experience
  • Experience working in an ITIL environment
  • People management skills and proven experience leading diverse teams both on and offshore
  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security
  • Experience with the following application tools (DAST, SAST, IAST, RASP, WAF, etc) and building strong vendor relationships
  • Previous application security testing or incident response experience, including documenting vulnerabilities, findings or incidents  
  • Understanding of ISO27001 processes and practices
  • Ability to create business strategies and business cases
  • Understanding of financial drivers and strong P&L experience 

Preferred Qualifications

  • Prior call center experience is highly advantageous given the specialized security environment that will be managed
  • CISSP (Must be obtained within 2 years of being in role) 

About Foundever®

Foundever™ is a global leader in the customer experience (CX) industry. With 170,000 associates across the globe, we’re the team behind the best experiences for +750 of the world’s leading and digital-first brands. Our innovative CX solutions, technology and expertise are designed to support operational needs for our clients and deliver a seamless experience to customers in the moments that matter.

 


Perks/benefits: Career development Team events

Region: Europe
Country: Portugal
