Scroll

Application Security Team Lead

Toronto, Canada

Description:

CaseWare has embarked on an ambitious new path of innovative, cloud-based technology solutions, adding to our successful, proven track record of delivering global accounting and auditing solutions to the Windows Desktop.

Lead a team tasked with refining, managing and executing CaseWare’s strategic application security roadmap that is based on industry standard software security frameworks. Plan, implement and track key projects focused on strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. Develop an application security program and report on application security metrics. Create actionable insights for application development teams to reduce risk. Use a risk-based approach to identify and track high-risk applications with security vulnerabilities and track remediation activities. Manage and maintain CaseWare’s application security policies, standards and procedures to comply with customer and regulatory mandates (e.g. ISO 27001, SOC 2, etc.). Track policy exceptions and remediation dates through active engagement with development teams and cloud operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Publish, maintain and curate security content, industry research articles, security directives, emerging threats, best practices, developer Q&A etc. along with a holistic application security awareness and training strategy.

Specific Responsibilities

  • Collaboratively work with Application Development and guide them to follow security best practices
  • Evaluate internal technology risk processes as it relates to application testing and provide process governance as well as leadership concerning adjusting to future needs
  • Liaison with teams responsible for addressing the external requests related to application security
  • Coordinate security training for the development staff
  • Manage and update Key Performance Indicators (KPI’s) for the Application Security Program
  • Coordinate with team members and policy management to ensure control standards and policies are up to date
  • Manage the application security threat modeling process and coordinate application threat models against CaseWare applications
  • Liaison with various internal teams (Application Development, Architecture, Cloud Operations) for Application security initiatives and automation efforts.
  • Manage new projects and initiatives related to application security as needs arise
  • Evangelize application security within CaseWare and work with Application Development to incorporate new program direction into applications
  • Coordinate with team members to track internal audit and regulatory assessments and address requests related to the Application Pentest
  • Provides regular status updates on all assigned tasks and deliverables.
  • Maintains issue logs, tracks/follows up on problems.
  • Mitigate risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.
  • Performs related duties as required