Manager, Information Security - Application Security Lead

Date: Apr 22, 2024

Location: Guindy, Chennai, AP, IN

Company: Celestica International Inc.

Req ID: 117310 
Remote Position: Hybrid
Region: Asia 
Country: India 
State/Province: Chennai 
City:  Guindy, Chennai 

Summary

Application Security applies the understanding of a broad range of technologies and solutions to support strategic business needs and engages with customers at all levels of the organization to successfully realize the vision. They will lead the execution of application security assessments including architecture review, threat modeling, code review, and penetration testing, assisting and enabling the product teams to adopt secure development practices. They will gather and analyze information on Celestica’s technology, making recommendations and resolving security issues as required. 

 

Detailed Description

Performs tasks such as, but not limited to, the following:

  • Collaborate with development teams to ensure the adoption of Secure SDLC best practices across the entire application lifecycle

  • Validate internal, external, and crowd-sourced application security findings and articulate them to engineering teams by including clear reproduction steps, impact, and remediation advice

  • Improve security reporting, including coordinating vulnerability management, penetration testing, and compliance initiatives

  • Maintain and monitor the SAST tools in collaboration with the project teams

  • Perform strategic assessment and develop an understanding of the current capabilities and future security needs of the enterprise; recognize and understand business security risks and define the appropriate risk-mitigating controls/technologies

  • Able to identify new and alternative approaches to implementing and managing security activities. Provide security consultation and implementation of appropriate controls to minimize the risk of potential loss of revenue, business opportunity or competitive advantage due to malicious attacks, accidental corruption of information, or unauthorized access to sensitive Company or Customer information assets.

  • Able to use the business requirements and develop a well-formulated model for security controls, practices, or technologies needed to facilitate

  • Maintain relationships with and consult with industry leading Information Security Associations, Companies, and Forums to ensure currency of latest technology and process advances through the above and appropriate education. Manage security trends and how they affect CLS architecture and security protection landscape.

  • Liaise with the enterprise architecture, IT Infrastructure and Site IT team to ensure alignment between the security initiatives and projects.

Knowledge/Skills/Competencies

  • Understanding of how scanning tools, penetration tests, and post-deploy scanning tools work together in the application security lifecycle.
  • Serve as a subject matter expert on matters of SSDLC and the related tools such as OSS, DAST, SAST, IAST and vulnerability management tools
  • Ability to prepare budgets and ROI
  • Skills and experience in producing systems designs
  • Experience in risk and compliance management and process development in the areas of information technology and security
  • Advanced knowledge of risk mitigation and business controls
  • Excellent communication and business writing skills as well as the ability to develop executive-level presentations/strategies that include process diagrams and designs.
  • Strong customer management skills; ability to clearly articulate the role that IT can play in enhancing customer’s activities

Physical Demands

Duties of this position are performed in a normal office environment.

Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.

Typical Education

Bachelor's Degree. Specialized Knowledge / Skills. Security Certifications (CISSP, CISA, CRISC, etc.)

 

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

 

COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.

 

Celestica would like to thank all applicants; however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee-based recruitment services.

 


Job Segment: Information Security, Information Technology, IT Architecture, Data Entry, Supply Chain Manager, Technology, Administrative, Operations
