MetLife Director, Application Security Strategy & Governance in Cary, North Carolina
Job Location: United States : North Carolina : Cary
The Role:
The Application Security team in MetLife’s IT Risk & Security organization plays a critical role in ensuring the security of MetLife’s applications and protecting customer and MetLife data. The team works closely with global application development teams and leading application security vendors who provide SAST/DAST/SCA/WAF/RASP and ethical hacking services.
Application security is a top area of focus at MetLife and we are working to embed a ‘secure by design’ culture and associated practices in all development teams. We have adapted key practices recommended by industry standard software security maturity models to further enhance MetLife’s Application Security strategy. This is an exciting time to join the Application Security team as we are continuing to expand the team and invest in new capabilities.
The Director of Application Security Strategy & Governance will play an important role in implementing the strategic roadmap and in driving initiatives to improve governance and operational practices. This leader will also drive strategic engagement with application development teams and divisional CIOs, and will be responsible for security assurance and compliance activities related to application security.
Lead a team tasked with refining, managing and executing MetLife’s global strategic application security roadmap that is based on industry standard software security frameworks. Plan, implement and track key initiatives focused on strategy, metrics, compliance, policy, developer awareness, training and global stakeholder engagement.
Lead the strategic improvement of how metrics are assembled and reported on the state of application security at MetLife. Create data-driven, actionable insights for application development teams to reduce risk. Use a risk-based approach to identify and track high-risk applications with security vulnerabilities and track remediation activities.
Share a comprehensive view of the current state of application security metrics across the full application portfolio at MetLife with stakeholders across CIO organizations. Chair monthly global application security governance forums with CIO delegates on program updates, security metrics and emerging security topics.
Manage and maintain MetLife’s application security policies, standards and procedures to comply with customer and regulatory mandates (e.g. NYDFS, PCI, HIPAA). Liaise with Vendor Management and Procurement teams to manage and track vendor compliance and obtain attestation of software security. Track policy exceptions and remediation dates through active engagement with development teams and operations teams.
Partner with Audit teams to periodically audit the controls and secure coding practices followed by development teams. Provide high-impact presentations to CIOs and senior leaders to ensure executive awareness of the AppSec program and associated metrics. Publish, maintain and curate security content (industry research articles, security directives, emerging threats, best practices, developer Q&A, etc.) along with a holistic security awareness and training strategy.
Essential Business Experience and Technical Skills:
Experience in developing or managing application security and vulnerability management programs
Knowledge and experience of industry standard frameworks such as BSIMM and SAMM, and strong working knowledge of the OWASP Top 10 and SANS/CWE Top 25
Experience in a governance function, in engaging with senior stakeholders, and in reporting metrics with dashboarding and visualization tools such as Power BI
Working experience with a variety of application security testing methods & disciplines, white-box/black-box testing, application ethical hacking (AEH) & penetration testing
Strong knowledge of SDLC and working experience with large scale development projects, IDEs & defect tracking systems in an Agile Scrum environment
Preference given to candidates with one or more of the following industry-recognized certifications: CISSP, CSSLP, CEH, GWEB or GWAPT
Bachelor’s Degree required; Advanced degree preferred
Experience creating an effective employee development & retention program
Experience leading geographically dispersed, multinational staff & projects
Excellent communication and facilitation skills
Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.
MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.
For immediate consideration, click the Apply Now button. You will be directed to complete an online profile. Upon completion, you will receive an automated confirmation email verifying that you have successfully applied to the job.
Requisition #: 111699