Product Security & Privacy Consultant
Chicago, IL

Job Description

What's the role?

Join our fast growing international team in this highly visible Business enablement role in which you will become part of the HERE Security, Privacy and Continuity (SPC) team.

You will be working with the Services organization to help them develop Location Based Services that align with Internal HERE policies as well as applicable regulations and legislation. The Product Security Manager will serve as the primary security point of contact for product teams.

This is a hands-on position providing oversight, architectural mentorship, and onboarding to security services through solutions architecture and security consultancy. You will also be working across the organization, driving implementation of Security DevOps and advancing the security maturity of here products

You are able to work in international and multi-cultural virtual teams, identify the needed/missing capabilities and contribute in application security training, awareness and competence development by building and maintaining a security community in the HERE Services organization.

Main Responsibilities:

* Evaluate product security maturity and work with product teams to develop a prioritized backlog for improving security.
* Contribute to developing, maintaining and improving a SECURE SDLC.
* Lead all security activities within given services development and operation projects.
* Provide architectural support to product teams to enable them to build secure web applications that are operated securely to enable detection and response team goals.
* Lead and ensure the successful resolution of identified vulnerabilities.
* Participate in the development of internal security training and awareness.
* Ensure that R&D services and application teams have the necessary competencies and appropriate tools to fulfill security, privacy and continuity requirements.
* Ensure security go-live requirements are met.
* Perform and facilitate business impact assessments, risk and threat analysis.
* Manage security testing activities.
* As necessary, review and contribute to 3rd party contracts and lead contractors' requirement fulfillment.
* Develop relevant policies, standards, procedures and guidelines thus contributing to HERE governance, risk and compliance area on Security, Privacy and Continuity related topics.

Who are you?

Position Requirements:

* BSc or higher degree in Computing Science, or equivalent experience
* Relevant work experience in web services and application security management and/or development 5+ years
* Strong knowledge of information security principles, standard methodologies, architectures, tools and processes
* Good understanding of application and infrastructure security tools, processes, and organizations.
* Shown experience in defining and writing policies, standards, procedures and guidelines
* Knowledge of relevant information security standards e.g. ISO 27001
* Knowledge of software and network architecture and standards
* Ability to understand business drivers and priorities, and integrate these requirements into overall security design
* Knowledge of web technologies and standards such as HTML, JavaScript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SAML, OAuth
* Experience in secure application development and typical design patterns especially when applied in agile environments targeting for rapid production updates.
* Ability to communicate security objectives orally and in writing to both a technical and non-technical audience.
* Self-motivation with the ability to work independently in a global team and as a team member with minimal direction

Expertise/skills preferred

* Experience in defining, developing, maintaining and supporting a SDLC in agile / continuous delivery mode organization is a strong plus.
* Professional security certifications like CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor / Lead Implementer or similar are a plus
* Experience with ISO 27001 standard implementation is a plus
* Some background in Java, C/C++, Python, Ruby, or other modern programming languages is a plus
* Experience in secure code reviews is a plus

Who are we?

Ever checked in somewhere on social media? Ever tracked your online orders?" You might be using HERE Technologies every single day without even realizing it. You can find us everywhere: in vehicles, smartphones, drones or third-party apps. We believe that with the right people, we will continue to be a game-changer in the technology industry and improve the daily lives of people around the world. Find out more by clicking the video below or going HERE.

HERE is an equal opportunity employer. We evaluate applicants without regard to race, color, age, gender identity, sexual orientation, marital status, parental status, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.

#LI-VP1