Director Of Technology (Product Security)
CurrentResponsible for effective management of security programs and governance within software development teams within Business Services part of the organisation. The role involves developing KPIs, metrics and implementation of processes and tools to measure and report on the security posture of products and squads across Business Services products. Other responsibilities included:• Conduct assessments from various scans and pen-tests, prioritise and pursue prompt resolutions by teams.• Create and maintain KPIs related to security vulnerabilities across the various security scans and Business Services products.• Conduct technical risk assessments of products/assets and drive the adoption of automated tools for static code analysis(SAST), OSS/3rd party library scans(Software Composition Analysis/SCA), dynamic web application scanning (DAST) and 3rd party / internal penetration testing.• Direct the response and resolution to Security incidents in collaboration with InfoSec and Security engineers and business stakeholders. • Technical Resilience, Business Continuity and Disaster Recovery planning.• Contributing to responses to customer and 3rd party security questionnaires.• Develop and execute a progressive security program and associated software development / DevOps practices in compliance with the policies set by our parent company and CISO. • Collaborate with peers when required to respond to customer RFI’s with regards to security policies and the security controls applied by specific products. • Liaise with our Legal team on contractual security measures within the context of OSS usage within Business Services’ estate.• Support Product Development and the commercial priorities of our business as a member of the Technology Leadership Team.