Senior Manager, Secure Product Development

Job title:

Senior Manager, Secure Product Development

Company

ResMed

Job description

The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency and security. Our goal is providing customer oriented agile delivery, effective business partnership and state-of-the-art technology solutions.Sr. Manager, Secure Product DevelopmentDepartmentGlobal IT SecurityPrimary ObjectiveThe Senior Manager, Secure Product Development primary role is to help assure the integrity and security of all ResMed Products. It plays an integral role in defining and assessing the organization’s security strategy, architecture and practices for secure product development. Duties include evaluating and overseeing security risks, developing controls, performing gap analysis and prioritizing security projects using a risk-based approach. This role will work closely with the IT Security team, and ResMed Development teams, and key business stakeholders to ensure alignment of business goals and strategy with security initiatives. The role requires strong security, communication, influence, critical thinking, and leadership skills. There are also global responsibilities, including project implementation and oversight, policy and standards creation and management, risk assessment and management, 3rd level security operations, and other support.The position will require international travel.Job EnvironmentThis role will be a global role and is part of the IT Security group, which is globally deployed.Responsibilities and AccountabilitiesA key role of the Information Security Manager is to assist in the improvement of ResMed’s IT security posture, protecting confidentiality, and assuring the integrity and security of all ResMed’s Products while ensuring alignment with business goals, vision, and strategy.Specific tasks include (but are not limited to):

• Evaluate and oversee information security risks, developing security measures and best practice resolutions to safeguard information against accidental or unauthorized modification, destruction, or disclosure across all company business units, or inappropriate access to ResMed systems and data through the creation and oversight of cloud development security standards and practices.
• Develop capabilities, services, and platforms that are leveraged to reduce the overall risk to cloud and hybrid environments, that meet or exceed security architecture controls framework, and that deliver risk transparency across a dynamic business landscape.
• Design and plan enterprise-scale cloud environments (using AWS, Azure or similar providers) including Identity management, Access controls, Encryption, Application dependencies, Data storage and flow, Network model and connectivity, and overall Cloud hosting, individually, or in collaboration with IT engineers and architects.
• Work with all stakeholders to provide detailed technical documentation for the security requirements of release planning, testing, deployment, and risk management.
• Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines.
• Collaborate with key stakeholders to identify opportunities for automation, process improvement, and infrastructure optimization.
• Monitor progress and effectiveness of cloud infrastructure and development security controls through continuous maturity assessment and reporting.
• Track and understand evolving threats to cloud environments, and corresponding mitigation solutions, and raise alarm when ResMed is at risk.
• Design and develop cloud development security strategy, standards and requirements.
• Research and implement new technologies to improve and grow the cloud security infrastructure as well as secure development (e.g. applications, systems, outsources services).
• Maintain operational guidelines, diagrams and documentation for Cloud security and infrastructure.
• Lead, mentor, and motivate the DevOps team, fostering a culture of collaboration, innovation, and continuous improvement.
• Work closely with the developer experience team to integrate security automation into the development process
• Set clear goals and objectives for the team and individual team members and provide regular feedback and performance evaluations.

Position Specific Skills and ChallengesPosition Specific Skills and Competencies

• Demonstrate a high degree of personal and professional integrity, required by the sensitive nature of the role.
• Demonstrate initiative and persistence in achieving goals.
• Manage conflicting priorities and unexpected situations with minimal supervision.
• Communicate with geographically dispersed and culturally diverse audiences.
• Participate as an engaged and value-adding member of the Global IT staff, and the IT Security Team.
• Respond to challenges and incidents with the appropriate level of urgency.

Position Challenge

• Competent to globally manage across multiple cultures and time zones.
• Collaborate effectively with key stakeholders within and outside the organization.
• Actively listen and develop robust solutions for new challenges and developments through their lifecycle.

Qualifications and Experience

• Previous experience as an AWS Dev/Sec/Ops Engineer developing continuous Integration and Continuous Delivery pipelines (CI/CD)
• Deep understanding of Cloud orchestration and AWS Cloud platform best practices.
• Experience with AWS cloud services such as WAF, EC2, S3, Lambda, VPC, CloudWatch, CloudTrail, EKS, ECS, KMS, IAM, RDS, etc.
• Experience with of Infrastructure as a Code and the use of Application Release Automation tools
• Experience producing metrics and dashboards to report on capacity, usage, etc.
• Experience working in a regulated secured environment and understanding the security requirements (NIST, ISO, etc.).
• Experience working with production incident management tools and processes to resolve Enterprise level issues.
• Experience in working with DevOps, Agile, Scrum, Kanban methodologies
• Expertise in Securing Software Development Lifecycles
• Experience deploying application infrastructure, system architecture, and operating system

Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive and inspiring. Where a culture driven by excellence helps you not only meet your goals, but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now! We commit to respond to every applicant.

Expected salary

Location

Halifax, NS

Job date

Thu, 18 Jul 2024 07:10:50 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (globalvacancies.org) you saw this job posting.