Senior Manager - IT Security
MMC

• The LEADER, APPLICATION SECURITY ENGINEERING role will be responsible for leading a technical team of DevSecOps engineers and technical security analysts to define the application security requirements, select and standardize security tools, and integrate security policy/requirements into the DevOps processes. Additionally, this role will oversee the technical requirements and standards for at-rest-encryption solutions designed to protect highly sensitive data in accordance with various regulatory and client requirements. Application security requirements and standards need to be designed for agile development methods leverage traditional application architectures in addition to cloud and container workloads.
• This senior leader role will also directly interface with business CIOs and digital leaders, application support teams, and security leaders to set the direction for security testing and validation software designed to identify weaknesses in developed code within the CI/CD pipeline process, assess running code and applications in production, and security vulnerabilities in acquired code from open sources.
• Leadership of this team will directly influence the cyber strategies of the firm and the capability to mature our core cybersecurity functions and is the cornerstone of our confidentiality, integrity and availability requirements of our IT systems and applications globally.
• Reporting directly to the Global Chief Information Security Officer, this key Global Leader position is fundamentally responsible for creating application security solutions designed to prevent a cyber-attack on MMC's IT applications.

We will count on you to:

• Develop and implement application security strategies, processes, and tools to identify, detect, and prevent threats to MMC's application environment.
• Establish and build the Application Security Engineering team, develop chart, vision, and implement strategy is partnership with the Global Information Security, Global Technology Infrastructure, and the Application Management Solutions teams.
• Lead the assessment of our security tools used with the various business Software Development Life Cycle processes to identify business requirements, rationalize tools used across the firm and standardize code weakness analysis processes.
• Oversee the team responsible for developing and integrating strong application security principles within the way our developers work every day with the specific intention of enabling developers to create secure applications, free from security defects, by design.
• Lead cross business teams to develop and adopt a common application security toolset roadmap. Enable global standards for application security tools to unify vulnerability reporting, create predictable CI/CD pipeline processes, and enable application teams to develop new capabilities securely, using agile development methodologies.
• Develop program level metrics to measure the success and opportunities of the application security engineering team and the efficacy of the application security tools in use.
• The global leader will be responsible for ensuring the team is staffed with the right blend of skill sets and abilities to perform the very technical, highly visible, and impacting work this function requires.
• Serve as the subject area expert and global application security leader to develop and implement security strategies designed to enhance the overall cybersecurity posture of the firm.
• Oversee the technical software analysis team and process to review new 3rd party applications for security risk and weakness that may threaten the security posture of MMC's application and data assets.
• Oversee the application security engineering function with respect to new application hosting designs to identify and correct deficiencies in application connectivity, authentication, authorization, accounting, data protection, and cloud security standards.
• Frequently meet with the business executives, application owners, and IT leaders relative to identifying application development requirements of our business systems and the remediation of threats and vulnerabilities within our application environment.

.What you need to have:

• 10+ years' experience in software and application development with strong understanding of DevOps and Secure Software Development Lifecycles.
• Experience in application security engineering best practices application security reviews and technical software analysis.
• Intimately familiar with both traditional on-premises and cloud-hosted application architectures.
• Significant experience with MFA, data encryption and encryption algorithms.
• Strong understanding of OWASP application security weaknesses.
• Familiarity with application encryption solutions, APIs, and micro services technologies.
• In-depth knowledge of Information Security, network technologies, and associated security methodologies related to application security.
• The manager of the team must have exceptional written and oral communication skills. Relationships with outside industry experts in the security space a plus.

What makes you stand out:

• Relevant professional qualification
• Relevant technical certifications:
• CISSP or similar a plus though not required.
• Certified SAFe 4 Agilist a plus though not required.
• Certified SAFe 4 DevOps Practitioner a plus though not required.
• Certified SAFe 4 Practitioner a plus though not required

What is in it for you?

• A company with a strong brand and strong results to match.
• Culture of internal mobility, collaboration and valued partnerships.
• Competitive pay (salary and performance bonus potential).
• Full benefits package - starting day one (medical, dental, vision, life insurance, 401k match AND contribution)

Marsh is the world's leading insurance broker and risk adviser. With over 35,000 colleagues operating in more than 130 countries, Marsh serves commercial and individual clients with data driven risk solutions and advisory services. Marsh is a business of Marsh McLennan (NYSE: MMC), the leading global professional services firm in the areas of risk, strategy and people. With annual revenue approaching US $17 billion and 76,000 colleagues worldwide, MMC helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses: Marsh, Guy Carpenter, Mercer, and Oliver Wyman. Follow Marsh on Twitter @MarshGlobal; LinkedIn; Facebook; and YouTube, or subscribe to BRINK.

This job has expired.